On Thu, Dec 28, 2000 at 02:33:53AM -0800, Dev Random wrote:
> Okay, although I will prune mime types that are potential holes
> (e.g. Flash can go to arbitrary URLs).
Er, I am getting:
Warning: Unknown mime type text/html on
SSK@u1AntQcZ81Y4c2tJKd1M87cZvPoQAgE/pigdog+journal/2000-12-25/index.html
I am guessing that that is not quite right!
I have also added functionality to provide a more detailed explanation
in the FilterException, and have provided some explanations which
shouldn't baffle the newbie, but explains the threat in practical terms.
I think there should also be an option to inspect the page in a secure
manner, the easiest way to do this would be to provide functionality to
force the MIME type to be "text/plain" which will allow the browser to
display it without any risk to the user.
This is a great feature, but we need to test it carefully, it has the
potential to really interfere with usability if we don't do it right.
Also, once date-based updates are implemented properly in FProxy, there
should be no good excuse for Javascript in-future.
Ian.
PGP signature
