#
# File : $Source: /cvsroot/ijbswa/current/default.filter,v $
#
-# $Id: default.filter,v 1.11.2.11 2002/11/12 16:14:43 oes Exp $
+# $Id: default.filter,v 1.11.2.21 2004/01/20 15:15:01 oes Exp $
#
# Purpose : Rules to process the content of web pages
#
-# Copyright : Written by and Copyright
+# Copyright : Written by and Copyright (C) 2001 - 2004 the
# Privoxy team. http://www.privoxy.org/
#
# We value your feedback. However, to provide you with the best support,
#################################################################################
#
-# js-events: Kill all JS event bindings (Radically destructive! Only for extra nasty sites)
+# js-events: Kill all JS event bindings and timers (Radically destructive! Only for extra nasty sites)
#
#################################################################################
-FILTER: js-events Kill all JS event bindings (Radically destructive! Only for extra nasty sites)
+FILTER: js-events Kill all JS event bindings and timers (Radically destructive! Only for extra nasty sites)
s/(on|event\.)((mouse(over|out|down|up|move))|(un)?load|contextmenu|selectstart)/never/ig
# Not events, but abused on the same type of sites:
s/(alert|confirm)\s*\(/concat(/ig
-
+s/settimeout\(/concat(/ig
#################################################################################
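Review bot: The added `settimeout\(` rule requires the parenthesis to follow the name directly, while the `alert|confirm` rule just above it allows `\s*` in between, so a call written as `setTimeout (…)` is left untouched. The filter description now promises to kill timers, but `setInterval` is not covered either. Consider `s/set(timeout|interval)\s*\(/concat(/ig`. As with the neighbouring rules there is no boundary on the left, so an identifier that merely ends in `settimeout` is rewritten as well; a one-line comment saying this is accepted for a deliberately destructive filter would help the next maintainer.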
#
# The <BLINK> and <MARQUEE> tags were crimes!
#
-s*</?(blink|marquee)>**ig
+s-</?(blink|marquee).*>--sigU
#################################################################################
#################################################################################
FILTER: unsolicited-popups Disable only unsolicited pop-up windows
-s+<body.*>+$0<script><!--\nfunction PrivoxyWindowOpen(){return(null);}\n//--></script>+isU
+s+([^'"]\s*<head.*>)(?=\s*[^'"])+$1<script>function PrivoxyWindowOpen(){return(null);}</script>+isU
s+([^\w\s.]\s*)((window|this|parent)\.)?open\s*\(+$1PrivoxyWindowOpen(+ig
-s+</body>+<script><!--\nfunction PrivoxyWindowOpen(a, b, c){return(window.open(a, b, c));}\n//--></script>$0+iU
+s+([^'"]\s*)(?=</html>(\s*[^'"]|$))+$1<script>function PrivoxyWindowOpen(a, b, c){return(window.open(a, b, c));}</script>+iU
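Review bot: The `open(` rewrite on the unchanged middle line is unconditional, but the two stub definitions are now injected only when a `<head…>` tag and a `</html>` tag are found. On a page without `<head>`, the rewritten calls reach an undefined `PrivoxyWindowOpen`; on a page without `</html>`, the null-returning stub is never replaced and solicited pop-ups are blocked too. The old rules depended on `<body>`/`</body>` in the same way, so the new anchors should at least be documented next to the rule, e.g. `# Needs <head> and </html> in the document, otherwise rewritten open() calls break`. `<head.*>` also has no boundary after the tag name, so any tag whose name starts with `head` receives the stub; `<head\b[^>]*>` would be tighter.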
##################################################################################
FILTER: all-popups Kill all popups in JavaScript and HTML
s/((\W\s*)(window|this|parent)\.)open\s*\\?\(/$1concat(/ig # JavaScript
-s/ target\s*=\s*(['"]?)(_blank|_new)\1?/ notarget/ig # HTML
+s/\starget\s*=\s*(['"]?)_?(blank|new)\1?/ notarget/ig # HTML
##################################################################################
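Review bot: With the underscore now optional, the `target` rule has nothing that ends the value after `blank|new`, and the closing `\1?` is itself optional. A frame name that only starts with those letters, such as `target="newsframe"`, is therefore cut in the middle and leaves `notargetsframe"` with an unbalanced quote in the tag. Requiring the closing quote and a delimiter avoids that: `s/\starget\s*=\s*(['"]?)_?(blank|new)\1(?=[\s>\/])/ notarget/ig`. The old pattern had the same gap, but only for names beginning with `_blank` or `_new`, which real markup hits far less often.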
s|<img\s+?([^>]*) src\s*=\s*(['"])([^>\\\2]+)\2|<img src=$2$3$2 $1|siUg
s|<img\s+?([^>]*) src\s*=\s*([^'">\\\s]+)|<img src=$2 $1|sig
-s|<img (src=(?:(['"])[^>\\\\2]+\2\|[^'">\\\s]+?))([^>]*)width\s*=\s*(["']?)(\d+?)|<img $1 width=$4$5$4$3|siUg
+s|<img (src=(?:(['"])[^>\\\\2]+\2\|[^'">\\\s]+?))([^>]*)width\s*=\s*(["']?)(\d+?)\4|<img $1 width=$4$5$4$3|siUg
#################################################################################
FILTER: banners-by-size Kill banners by size
# 88*31
-s@<img\s+(?:src\s*=\s*(['"]?)([^>\\\1\s]+)\1)?[^>]*?(width=(['"]?)88\4)[^>]*?(height=(['"]?)31\6)[^>]*>@<img src=$1http://config.privoxy.org/send-banner?type=auto$1 title=$1Killed-$2-by-size$1 $3 $5>@sig
+s@<img\s+(?:src\s*=\s*(['"]?)([^>\\\1\s]+)\1)?[^>]*?(width=(['"]?)88\4)[^>]*?(height=(['"]?)31\6)[^>]*>@<img src=$1http://config.privoxy.org/send-banner?type=auto$1 border=$1\\0$1 title=$1Killed-$2-by-size$1 $3 $5>@sig
# 120*60, 120*90, 120*240, 120*600
-s@<img\s+(?:src\s*=\s*(['"]?)([^>\\\1\s]+)\1)?[^>]*?(width=(['"]?)120\4)[^>]*?(height=(['"]?)(?:600?|90|240)\6)[^>]*>@<img src=$1http://config.privoxy.org/send-banner?type=auto$1 title=$1Killed-$2-by-size$1 $3 $5>@sig
+s@<img\s+(?:src\s*=\s*(['"]?)([^>\\\1\s]+)\1)?[^>]*?(width=(['"]?)120\4)[^>]*?(height=(['"]?)(?:600?|90|240)\6)[^>]*>@<img src=$1http://config.privoxy.org/send-banner?type=auto$1 border=$1\\0$1 title=$1Killed-$2-by-size$1 $3 $5>@sig
# 125*125
-s@<img\s+(?:src\s*=\s*(['"]?)([^>\\\1\s]+)\1)?[^>]*?(width=(['"]?)125\4)[^>]*?(height=(['"]?)125\6)[^>]*>@<img src=$1http://config.privoxy.org/send-banner?type=auto$1 title=$1Killed-$2-by-size$1 $3 $5>@sig
+s@<img\s+(?:src\s*=\s*(['"]?)([^>\\\1\s]+)\1)?[^>]*?(width=(['"]?)125\4)[^>]*?(height=(['"]?)125\6)[^>]*>@<img src=$1http://config.privoxy.org/send-banner?type=auto$1 border=$1\\0$1 title=$1Killed-$2-by-size$1 $3 $5>@sig
# 160*600
-s@<img\s+(?:src\s*=\s*(['"]?)([^>\\\1\s]+)\1)?[^>]*?(width=(['"]?)160\4)[^>]*?(height=(['"]?)600\6)[^>]*>@<img src=$1http://config.privoxy.org/send-banner?type=auto$1 title=$1Killed-$2-by-size$1 $3 $5>@sig
+s@<img\s+(?:src\s*=\s*(['"]?)([^>\\\1\s]+)\1)?[^>]*?(width=(['"]?)160\4)[^>]*?(height=(['"]?)600\6)[^>]*>@<img src=$1http://config.privoxy.org/send-banner?type=auto$1 border=$1\\0$1 title=$1Killed-$2-by-size$1 $3 $5>@sig
# 180*150
-s@<img\s+(?:src\s*=\s*(['"]?)([^>\\\1\s]+)\1)?[^>]*?(width=(['"]?)180\4)[^>]*?(height=(['"]?)150\6)[^>]*>@<img src=$1http://config.privoxy.org/send-banner?type=auto$1 title=$1Killed-$2-by-size$1 $3 $5>@sig
+s@<img\s+(?:src\s*=\s*(['"]?)([^>\\\1\s]+)\1)?[^>]*?(width=(['"]?)180\4)[^>]*?(height=(['"]?)150\6)[^>]*>@<img src=$1http://config.privoxy.org/send-banner?type=auto$1 border=$1\\0$1 title=$1Killed-$2-by-size$1 $3 $5>@sig
# 234*60, 468*60 (Most Banners!)
-s@<img\s+(?:src\s*=\s*(['"]?)([^>\\\1\s]+)\1)?[^>]*?(width=(['"]?)(?:234|468)\4)[^>]*?(height=(['"]?)60\6)[^>]*>@<img src=$1http://config.privoxy.org/send-banner?type=auto$1 title=$1Killed-$2-by-size$1 $3 $5>@sig
+s@<img\s+(?:src\s*=\s*(['"]?)([^>\\\1\s]+)\1)?[^>]*?(width=(['"]?)(?:234|468)\4)[^>]*?(height=(['"]?)60\6)[^>]*>@<img src=$1http://config.privoxy.org/send-banner?type=auto$1 border=$1\\0$1 title=$1Killed-$2-by-size$1 $3 $5>@sig
# 240*400
-s@<img\s+(?:src\s*=\s*(['"]?)([^>\\\1\s]+)\1)?[^>]*?(width=(['"]?)240\4)[^>]*?(height=(['"]?)400\6)[^>]*>@<img src=$1http://config.privoxy.org/send-banner?type=auto$1 title=$1Killed-$2-by-size$1 $3 $5>@sig
+s@<img\s+(?:src\s*=\s*(['"]?)([^>\\\1\s]+)\1)?[^>]*?(width=(['"]?)240\4)[^>]*?(height=(['"]?)400\6)[^>]*>@<img src=$1http://config.privoxy.org/send-banner?type=auto$1 border=$1\\0$1 title=$1Killed-$2-by-size$1 $3 $5>@sig
# 250*250, 300*250
-s@<img\s+(?:src\s*=\s*(['"]?)([^>\\\1\s]+)\1)?[^>]*?(width=(['"]?)(?:250|300)\4)[^>]*?(height=(['"]?)250\6)[^>]*>@<img src=$1http://config.privoxy.org/send-banner?type=auto$1 title=$1Killed-$2-by-size$1 $3 $5>@sig
+s@<img\s+(?:src\s*=\s*(['"]?)([^>\\\1\s]+)\1)?[^>]*?(width=(['"]?)(?:250|300)\4)[^>]*?(height=(['"]?)250\6)[^>]*>@<img src=$1http://config.privoxy.org/send-banner?type=auto$1 border=$1\\0$1 title=$1Killed-$2-by-size$1 $3 $5>@sig
# 336*280
-s@<img\s+(?:src\s*=\s*(['"]?)([^>\\\1\s]+)\1)?[^>]*?(width=(['"]?)336\4)[^>]*?(height=(['"]?)280\6)[^>]*>@<img src=$1http://config.privoxy.org/send-banner?type=auto$1 title=$1Killed-$2-by-size$1 $3 $5>@sig
+s@<img\s+(?:src\s*=\s*(['"]?)([^>\\\1\s]+)\1)?[^>]*?(width=(['"]?)336\4)[^>]*?(height=(['"]?)280\6)[^>]*>@<img src=$1http://config.privoxy.org/send-banner?type=auto$1 border=$1\\0$1 title=$1Killed-$2-by-size$1 $3 $5>@sig
# Note: 200*50 was also proposed, but it probably causes too much collateral damage:
#
-#s@<img\s+(?:src\s*=\s*(['"]?)([^>\\\1\s]+)\1)?[^>]*?(width=(['"]?)200\4)[^>]*?(height=(['"]?)50\6)[^>]*>@<img src=$1http://config.privoxy.org/send-banner?type=auto$1 title=$1Killed-$2-by-size$1 $3 $5>@sig
+#s@<img\s+(?:src\s*=\s*(['"]?)([^>\\\1\s]+)\1)?[^>]*?(width=(['"]?)200\4)[^>]*?(height=(['"]?)50\6)[^>]*>@<img src=$1http://config.privoxy.org/send-banner?type=auto$1 border=$1\\0$1 title=$1Killed-$2-by-size$1 $3 $5>@sig
#################################################################################
| tracker | counter # common \
| adlog\.pl # see sf.net \
)[^>\1\s]*)\1[^>]*>\s*<img\s+(?:src\s*=\s*(['"]?)([^>\\\3\s]+)\3)?[^>]*((?:width|height)\s*=\s*(['"]?)\d+?\6)[^>]*((?:width|height)\s*=\s*(['"]?)\d+?\8)[^>]*>\
-@<img $5 $7 src=$1http://config.privoxy.org/send-banner?type=auto$1 title=$1Killed $4 by link to $2$1>@sigx
+@<img $5 $7 src=$1http://config.privoxy.org/send-banner?type=auto$1 border=$1\\0$1 title=$1Killed $4 by link to $2$1>@sigx
# Rare case w/o explicit dimensions:
#
-s@<a\s+href\s*=\s*(['"]?)([^>\1\s]*?(?:adclick|atwola\.com/(?:link|redir)|doubleclick\.net/jump/|tracker|counter|adlog\.pl)[^>\1\s]*)\1[^>]*>\s*<img\s+(?:src\s*=\s*(['"]?)([^>\\\3\s]+)\3)?[^>]*>@<img src=$1http://config.privoxy.org/send-banner?type=auto$1 title=$1Killed $4 by link to $2$1>@sig
+s@<a\s+href\s*=\s*(['"]?)([^>\1\s]*?(?:adclick|atwola\.com/(?:link|redir)|doubleclick\.net/jump/|tracker|counter|adlog\.pl)[^>\1\s]*)\1[^>]*>\s*<img\s+(?:src\s*=\s*(['"]?)([^>\\\3\s]+)\3)?[^>]*>@<img src=$1http://config.privoxy.org/send-banner?type=auto$1 border=$1\\0$1 title=$1Killed $4 by link to $2$1>@sig
################################################################################
#################################################################################
FILTER: jumping-windows Prevent windows from resizing and moving themselves
-s/(?:window|this|self)\.(?:move|resize)(?:to|by)\(/concat(/ig
+s/(?:window|this|self)\.(?:move|resize)(?:to|by)\(/''.concat(/ig
#################################################################################
#################################################################################
#
# shockwave-flash: Kill embedded Shockwave Flash objects
+# Note: Better just block "/.*\.swf$"!
#
#################################################################################
FILTER: shockwave-flash Kill embedded Shockwave Flash objects
-s|<embed [^>]*application/x-shockwave-flash.*</embed>|<!-- Squished Shockwave Flash Embed -->|sigU
+s|<object [^>]*macromedia.*</object>|<!-- Squished Shockwave Object -->|sigU
+s|<embed [^>]*(application/x-shockwave-flash\|\.swf).*>(.*</embed>)?|<!-- Squished Shockwave Flash Embed -->|sigU
#################################################################################
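Review bot: In the new `<embed>` rule the trailing `(.*</embed>)?` probably never consumes anything. Under the `U` flag PCRE inverts the greediness of every quantifier, including `?`, so an optional group at the very end of the pattern prefers the empty match and the closing `</embed>` and any fallback content stay in the page. If the closing tag is meant to be swallowed when present, `(.*</embed>)??` makes the group greedy again under `U`; please confirm against the pcrs build in use. Note that either form, like the new `<object>` rule, runs to the next closing tag anywhere in the document when the matched element is not closed, which deserves a comment beside the rules.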
#
s%f\("javascript:location.replace\('mk:@MSITStore:C:'\)"\);%alert\("This page looks like it tries to use a vulnerability described here:\n http://online.securityfocus.com/archive/1/298748/2002-11-02/2002-11-08/2"\);%siU
+# Address bar spoofing (http://www.secunia.com/advisories/10395/):
+#
+s/(<a[^>]*href[^>]*)(\x01|\x02|\x03|%0[012])/$1MALICIOUS-LINK/ig
+
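Review bot: The raw and percent-encoded alternatives in the address-bar-spoofing rule do not cover the same bytes. The raw side lists `\x01` to `\x03`, while `%0[012]` matches %00 to %02, so `%03` is missed in its encoded form. Because `[^>]*` after `href` is greedy, only the last such byte in a tag is replaced and an earlier one in the same URL survives the pass. `s/(<a[^>]*href[^>]*?)([\x01-\x03]|%0[0-3])/$1MALICIOUS-LINK/ig` aligns the two sets and rewrites the first occurrence instead. A comment stating which bytes the referenced advisory concerns would make the intended set reviewable.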
# Nimda:
#
s%<script language="JavaScript">(window\.open|1;''\.concat)\("readme\.eml", null, "resizable=no,top=6000,left=6000"\)</script>%<br><font size="7"> WARNING: This Server is infected with <a href="http://www.cert.org/advisories/CA-2001-26.html">Nimda</a>!</font>%g
+#################################################################################
+#
+#
+# site-specifics: Cure for site-specific problems. Don't apply generally!
+#
+# Note: The fixes contained here are so specific to the problems of the
+# particular web sites they are designed for that they would be a
+# waste of CPU cycles (or even destructive!) on 99.9% of the web
+# sites where they don't apply.
+#
+#################################################################################
+FILTER: site-specifics Cure for site-specific problems. Don't apply generally!
+
+# www.spiegel.de excludes X11 users from viewing Flash5 objects - shame.
+# Apply to: www.spiegel.de/static/js/flash-plugin.js
+#
+s/indexOf\("x11"\)/indexOf("x13")/
+
+# www.quelle-bausparkasse.de uses a very stupid redirect mechanism that
+# relies on a webbug being present. Can we tolerate that? No!
+# Apply to: www.quelle-bausparkasse.de/$
+#
+s/mylogfunc()//g
+
+# groups.yahoo.com has splash pages that one needs to click through in
+# order to access the actual messages. Let the browser do that. Thanks
+# to Paul Jobson for this one:
+#
+s|<a href="(.+?)">(?:Continue to message\|Weiter zu Nachricht)</a>|<meta http-equiv="refresh" content="0; URL=$1">|ig
+
+# monster.com has two very similar gimmicks:
+#
+s|<input type="hidden" name="REDIRECT" value="(.+?)">|<meta http-equiv="refresh" content="0; URL=$1">|i
+
+s|<IMG SRC="http://media.monster.com/mm/usen/my/no_thanks_211x40.gif".+?>|<meta http-equiv="refresh" content="0; URL=http://my.monster.com/resume.asp">|i
+
+# nytimes.com triggers popups through the onload handler of dummy images
+# to fool popup-blockers.
+#
+s|(<img [^>]*)onload|$1never|sig
+
+
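Review bot: In the quelle-bausparkasse rule, `s/mylogfunc()//g` has unescaped parentheses, which the regex engine reads as an empty group, so only the name is removed and the call's `()` stays behind in the script. `s/mylogfunc\(\)//g` removes the whole call. In the Yahoo Groups and monster.com rules, `(.+?)` can run across quote characters until the required tail is found, so the value copied into the `<meta http-equiv="refresh">` URL may carry `"` and other markup from the page. `([^"]+)` keeps the capture inside the original attribute value.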
##############################################################################
#
# Revisions :
# $Log: default.filter,v $
+# Revision 1.11.2.21 2004/01/20 15:15:01 oes
+# Detail enhancement in all-popups
+#
+# Revision 1.11.2.20 2004/01/06 16:46:14 oes
+# Fixed a JS syntax problem in jumping-windows
+#
+# Revision 1.11.2.19 2003/12/17 17:09:25 oes
+# Added remedy against IE address bar spoofing
+#
+# Revision 1.11.2.18 2003/12/02 11:25:27 oes
+# Fixed a line trashed in previous commit
+#
+# Revision 1.11.2.17 2003/12/01 21:58:46 oes
+# Assorted tuning:
+#
+# - unsolicited-popups no longer matches at start or end of quoted
+# strings, and is now activated earlier and deactivated later in
+# the page.
+# - replacement images in banners-by-* now without border
+# - more effective shockwave flash flattening
+# - Custom annoyance filtering for Yahoo Groups, Monster.com, NY Times.
+#
+# Revision 1.11.2.16 2003/05/08 09:44:56 oes
+# Allow extra parameters in blink,marquee tags. Fixes bug #734012
+#
+# Revision 1.11.2.15 2003/03/30 13:57:08 oes
+# Making unsolicited-popups safe for use on <html> tags enclosed in JS strings
+#
+# Revision 1.11.2.14 2003/03/19 13:17:50 oes
+# - Added filter "site-specifics" to address site specific problems
+# - Fixed a small problem in the img-reorder filter
+#
+# Revision 1.11.2.13 2003/03/18 19:28:59 oes
+# Fixed a minor problem in the img-reorder filter
+#
+# Revision 1.11.2.12 2003/03/15 14:06:58 oes
+# - Assorted refinements, optimizations and fixes in the js-annoyances,
+# img-reorder, banners-by-size, banners-by-link, webbugs, refresh-tags,
+# html-annoyances, content-cookies and fun filters
+# - Replaced filter "popups" by choice between two modes:
+# - "unsolicited-popups" tries to catch only the unsolicited ones
+# - "all-popups" tries to kill them all (as before)
+# - New filter "tiny-textforms" Help those tiny or hard-wrap textareas.
+# - New filter "jumping-windows" that prevents windows from resizing
+# and moving themselves
+# - Replaced "nimda" with more general "ie-exploits" filter in which
+# all filters for exploits shall be collected
+#
# Revision 1.11.2.11 2002/11/12 16:14:43 oes
# Exchanged js-annoyance filter against status bar rewrites with improved version by Don Libes
#
#
#
#
+
+