On Fri, Nov 22, 2002 at 11:03:07PM +0100, Michael Schierl wrote:
> Hi,
>
> Seems that I found a rather big "hole" in fproxy's anonymity filter:
>
>
> when you insert a file encoded in UTF16 with a proper byteorder mark at
> the beginning (i.e. FFFE or FEFF), it is understood by most of the
> browsers.

Not any more. Fproxy now supports text/html?charset=<some charset
supported by your JVM>. If no charset is specified, it is forced in the
browser (by headers) to be ISO-8859-1, the default. It is filtered using
the charset specified. So fproxy now has proper I18N support, and it is
filtered properly too. I wanna see some weird charset pages on freenet
now people! :)
Testing would be appreciated, as would more anon filter bugs.
>
> (btw it is the only way I know of using national chars that don't have a
> textual entity in HTML files on Freenet at all, as charset=UTF8 meta
> tags are blocked by the anonymity filter. Allowing those would be
> better, I think.)

They are still blocked. IMHO we should allow charset specification at
the headers level, so we can filter it safely - anything else leads to
horrible ambiguity and major code bloat.
>
> Despite that, fproxy's anonymity filter lets it go through without
> finding anything in it - e. g. images loaded from the web will pass
> without warning.

Not any more.
>
> I inserted two sample files at
>
> SSK at eUBIUpjnEDHs3oUm4SlPEtQdrH0PAgM/ascii.html

This trips the filter now.
> SSK at eUBIUpjnEDHs3oUm4SlPEtQdrH0PAgM/unicode.html

This gets displayed as ISO-8859-1, so looks like crap, but is harmless.
At least in Mozilla. IE probably autodetects it and shows the hole, but
if you use IE you're wide open anyway due to the MIME type
autodetection.
>
> Both the same "source" text, but the first one in ASCII (causes a fproxy
> warning) and the second one in UTF-16 (does not cause one).
>
> Michael
>

--
Matthew Toseland
toad at amphibian.dyndns.org
amphibian at users.sourceforge.net
Freenet/Coldstore open source hacker.
Employed full time by Freenet Project Inc. from 11/9/02 to 11/1/03
http://freenetproject.org/
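
The behaviour described in this message, as an added Python sketch (not fproxy's code, which is Java, and not part of the original e-mail): a filter that scans raw bytes misses UTF-16 markup, while one that decodes with the declared charset and sends that same charset in the header does not. The single regex rule, the function names and the sample page are constructed for illustration.

```python
import re

DEFAULT_CHARSET = "ISO-8859-1"  # forced by header when the MIME type names none

# Constructed stand-in for one filter rule: flag markup that loads from the web.
EXTERNAL_REF = re.compile(r"""(?:src|href)\s*=\s*["']?\s*(?:https?:)?//""", re.I)


def naive_filter(body: bytes) -> bool:
    """Old behaviour: scan the bytes as single-byte text, ignoring any BOM."""
    return bool(EXTERNAL_REF.search(body.decode("latin-1")))


def charset_aware_filter(body: bytes, mime: str):
    """Filter in the declared charset; return (flagged, Content-Type to send).

    The same charset is used for filtering and for the response header, so the
    browser is told to read the bytes exactly the way the filter read them.
    """
    m = re.search(r"charset=([\w.:-]+)", mime, re.I)
    charset = m.group(1) if m else DEFAULT_CHARSET
    try:
        text = body.decode(charset)
    except (LookupError, UnicodeDecodeError):
        return True, None  # unknown charset or undecodable bytes: refuse to serve
    return bool(EXTERNAL_REF.search(text)), f"text/html; charset={charset}"


# Constructed sample: the same source text in ASCII and in UTF-16 with a BOM.
SOURCE = '<html><body><img src="http://example.com/pixel.png"></body></html>'
ASCII_PAGE = SOURCE.encode("ascii")
UTF16_PAGE = SOURCE.encode("utf-16")  # Python prepends the byte order mark

if __name__ == "__main__":
    print("naive, ASCII page:      ", naive_filter(ASCII_PAGE))
    print("naive, UTF-16 page:     ", naive_filter(UTF16_PAGE))
    print("aware, no charset given:", charset_aware_filter(UTF16_PAGE, "text/html"))
    print("aware, UTF-16 declared: ",
          charset_aware_filter(UTF16_PAGE, "text/html;charset=UTF-16"))
```

With no charset declared, the UTF-16 page is not flagged but is served as ISO-8859-1, which matches the "looks like crap, but is harmless" case for browsers that honour the header.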
