On Sat, 2013-03-09 at 09:23 -0800, John Hardin wrote: > On Sat, 9 Mar 2013, Martin Gregorie wrote: > > > Presumably the, ahem, misguided js interpretation is being triggered by > > the <script></script> tags, so wouldn't the regex I've used here > > > > mimeheader JS_TRAP_RULE name =~ /<script>/ > > > > be a more general way of catching this sort of thing when its supplied > > as the attachment name and/or file name? > > Yeah, that would be the best thing to look for. > In case anybody is interested, here's my resulting, tested rule:
describe SCRIPTED_NAME Attachment name or filename is a script mimeheader __SCRIPTN1 Content-Type =~ /name.*\=.*<script>/ mimeheader __SCRIPTN2 Content-Disposition =~ /filename.*\=.*<script>/ meta SCRIPTED_NAME (__MG_SCRIPTN1 || __MG_SCRIPTN2) score SCRIPTED_NAME 6.0 Martin