On Sat, 3 Mar 2012 13:27:19 -0500, Juiceman wrote: > On Sat, Mar 3, 2012 at 9:22 AM, Jep <j...@jep-z11.xs4all.nl> wrote: > > > There is no way to include a simple counter on a web page in > > Freenet as far as I can see. > > > > It would require some kind of scripting that the content filter > > would allow I reckon. Is it feasible to implement such? A strict > > method the filter allows, perhaps, writing to a log file within the > > freesite container. > > > > > > Another thing, not very important but still. The content filter > > strips out anything that would make favicons work. For instance, > > rel="shortcut icon" is not accepted. > > I can't see how 'local' favicons, icons within the freesite, could > > be a danger to anonymity, so if that limitation could be taken out > > of the filter? Allowing just /favicon.ico would do the trick. > > > > Is there any documentation on the FN content filter? > > > > I believe .ICOs are blocked due to a Microsoft vulnerability > Something about a divide-by-zero overflow. Ah, here it is. > http://www.kb.cert.org/vuls/id/290961 > > Quote from the page: > "There is an integer division by zero vulnerability in the way the ICO > parsing component of GDI+ (Gdiplus.dll) handles ICO files with a > Heightvalue of zero in the > InfoHeader section of the ICO file. By introducing a specially > crafted ICO file to the vulnerable component, a remote attacker could > trigger an integer division by zero denial-of-service condition. > > > I imagine a simple filter could be written that checks that none of > the dimensions are declared "0"." Of course, I can say it's simple > because I am not the one coding it ;-) .
Aren't there tonnes of these kinds of bugs... ie. I don't think it's Freenet's responsibility to manage all the other possibly bugged packages on one's system. If anyone is using such a bugged version of Microsoft, they'll get screwed no matter what bandaids Freenet tries to apply. _______________________________________________ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
