#
# File : $Source: /cvsroot/ijbswa/current/default.filter,v $
#
-# $Id: default.filter,v 1.11.2.16 2003/05/08 09:44:56 oes Exp $
+# $Id: default.filter,v 1.11.2.19 2003/12/17 17:09:25 oes Exp $
#
# Purpose : Rules to process the content of web pages
#
FILTER: unsolicited-popups Disable only unsolicited pop-up windows
s+([^'"]\s*<head.*>)(?=\s*[^'"])+$1<script>function PrivoxyWindowOpen(){return(null);}</script>+isU
-s+((window|this|parent)\.)?open\s*\(+PrivoxyWindowOpen(+ig
+s+([^\w\s.]\s*)((window|this|parent)\.)?open\s*\(+$1PrivoxyWindowOpen(+ig
s+([^'"]\s*)(?=</html>(\s*[^'"]|$))+$1<script>function PrivoxyWindowOpen(a, b, c){return(window.open(a, b, c));}</script>+iU
#################################################################################
FILTER: jumping-windows Prevent windows from resizing and moving themselves
-s/(?:window|this|self)\.(?:move|resize)(?:to|by)\(/concat(/ig
+s/(?:window|this|self)\.(?:move|resize)(?:to|by)\(/''.concat(/ig
#################################################################################
#
s%f\("javascript:location.replace\('mk:@MSITStore:C:'\)"\);%alert\("This page looks like it tries to use a vulnerability described here:\n http://online.securityfocus.com/archive/1/298748/2002-11-02/2002-11-08/2"\);%siU
+# Address bar spoofing (http://www.secunia.com/advisories/10395/):
+#
+s/(<a[^>]*href[^>]*)(\x01|\x02|\x03|%0[012])/$1MALICIOUS-LINK/ig
+
# Nimda:
#
s%<script language="JavaScript">(window\.open|1;''\.concat)\("readme\.eml", null, "resizable=no,top=6000,left=6000"\)</script>%<br><font size="7"> WARNING: This Server is infected with <a href="http://www.cert.org/advisories/CA-2001-26.html">Nimda</a>!</font>%g
#
# Revisions :
# $Log: default.filter,v $
+# Revision 1.11.2.19 2003/12/17 17:09:25 oes
+# Added remedy against IE address bar spoofing
+#
+# Revision 1.11.2.18 2003/12/02 11:25:27 oes
+# Fixed a line trashed in previous commit
+#
+# Revision 1.11.2.17 2003/12/01 21:58:46 oes
+# Assorted tuning:
+#
+# - unsolicited-popups no longer matches at start or end of quoted
+# strings, and is now activated earlier and deactivated later in
+# the page.
+# - replacement images in banners-by-* now without border
+# - more effective shockwave flash flattening
+# - Custom annoyance filtering for Yahoo Groups, Monster.com, NY Times.
+#
# Revision 1.11.2.16 2003/05/08 09:44:56 oes
# Allow extra parameters in blink,marquee tags. Fixes bug #734012
#