From: Fabian Keil Date: Thu, 6 Feb 2025 13:56:56 +0000 (+0100) Subject: Really remove the obsolete ie-exploits filter X-Git-Url: http://www.privoxy.org/gitweb/%22https:/developer-manual/man-page/user-manual/@user-manual@actions-file.html?a=commitdiff_plain;h=0c0353853a8ddaf273b3f559b6bc51faa7e144cf;p=privoxy.git Really remove the obsolete ie-exploits filter It doesn't actually reliably protect against Nimda, there never were active maintainers and IE is obsolete anyway. Also some virus scanners seem to be offended by the test case for the filter in the source tarball. This should have been committed with 62b68d363a7e71b. --- diff --git a/default.action.master b/default.action.master index fd5559b2..ebf953a0 100644 --- a/default.action.master +++ b/default.action.master @@ -283,7 +283,6 @@ # quicktime-kioskmode: Make Quicktime movies saveable. # fun: Text replacements for subversive browsing fun! # crude-parental: Crude parental filtering. Note that this filter doesn't work reliably. -# ie-exploits: Disable some known Internet Explorer bug exploits. # site-specifics: Cure for site-specific problems. Don't apply generally! # no-ping: Removes non-standard ping attributes in and tags. # google: CSS-based block for Google text ads. Also removes a width limitation and the toolbar advertisement. @@ -566,7 +565,6 @@ standard.Cautious +filter{banners-by-size} \ +filter{webbugs} \ +filter{jumping-windows} \ -+filter{ie-exploits} \ +hide-from-header{block} \ +hide-referrer{conditional-block} \ +session-cookies-only \ diff --git a/default.filter b/default.filter index e1f7a6ea..c36783a3 100644 --- a/default.filter +++ b/default.filter @@ -493,29 +493,6 @@ content filter because of an regulations text.\n\ @is -################################################################################# -# -# IE-Exploits: Disable some known Internet Explorer bug exploits. -# -################################################################################# -FILTER: ie-exploits Disable some known Internet Explorer bug exploits. - -# Note: This is basically a demo and waits for someone more interested in IE -# security (sic!) to take over. - -# Cross-site-scripting: -# -s%f\("javascript:location.replace\('mk:@MSITStore:C:'\)"\);%alert\("This page looks like it tries to use a vulnerability described here:\n http://online.securityfocus.com/archive/1/298748/2002-11-02/2002-11-08/2"\);%siU - -# Address bar spoofing (http://www.secunia.com/advisories/10395/): -# -s/(]*href[^>]*)(?:\x01|\x02|\x03|%0[012])@/$1MALICIOUS-LINK@/ig - -# Nimda: -# -s%%
WARNING: This Server is infected with
Nimda!%g - - ################################################################################# # # diff --git a/tests/cts/content-filters/content-filters.action b/tests/cts/content-filters/content-filters.action index 546e0917..7ebc7f67 100644 --- a/tests/cts/content-filters/content-filters.action +++ b/tests/cts/content-filters/content-filters.action @@ -58,9 +58,6 @@ {+filter{crude-parental}} /crude-parental/ -{+filter{ie-exploits}} -/ie-exploits/ - {+filter{site-specifics}} /site-specifics/