On Sat, Mar 3, 2012 at 9:22 AM, Jep <j...@jep-z11.xs4all.nl> wrote: > There is no way to include a simple counter on a web page in Freenet as > far as I can see. > > It would require some kind of scripting that the content filter would > allow I reckon. Is it feasible to implement such? A strict method the > filter allows, perhaps, writing to a log file within the freesite container. > > > Another thing, not very important but still. The content filter strips out > anything that would make favicons work. For instance, rel="shortcut icon" > is not accepted. > I can't see how 'local' favicons, icons within the freesite, could be a > danger to anonymity, so if that limitation could be taken out of the > filter? Allowing just /favicon.ico would do the trick. > > Is there any documentation on the FN content filter? >
I believe .ICOs are blocked due to a Microsoft vulnerability Something about a divide-by-zero overflow. Ah, here it is. http://www.kb.cert.org/vuls/id/290961 Quote from the page: "There is an integer division by zero vulnerability in the way the ICO parsing component of GDI+ (Gdiplus.dll) handles ICO files with a Heightvalue of zero in the InfoHeader section of the ICO file. By introducing a specially crafted ICO file to the vulnerable component, a remote attacker could trigger an integer division by zero denial-of-service condition. I imagine a simple filter could be written that checks that none of the dimensions are declared "0"." Of course, I can say it's simple because I am not the one coding it ;-) . . -- I may disagree with what you have to say, but I shall defend, to the death, your right to say it. - Voltaire Those who would give up Liberty, to purchase temporary Safety, deserve neither Liberty nor Safety. - Ben Franklin
_______________________________________________ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
