################################################################################# # # File : default.filter # # Purpose : Rules to process the content of web pages # # Copyright : Written by and Copyright (C) 2001-2021 the # Privoxy team. https://www.privoxy.org/ # # This program is free software; you can redistribute it # and/or modify it under the terms of the GNU General # Public License as published by the Free Software # Foundation; either version 2 of the License, or (at # your option) any later version. # # This program is distributed in the hope that it will # be useful, but WITHOUT ANY WARRANTY; without even the # implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. See the GNU General Public # License for more details. # # The GNU General Public License should be included with # this file. If not, you can view it at # http://www.gnu.org/copyleft/gpl.html # or write to the Free Software Foundation, Inc., 59 # Temple Place - Suite 330, Boston, MA 02111-1307, USA. # ################################################################################# # # Syntax: # # Generally filters start with a line like "FILTER: name description". # They are then referrable from the actionsfile with +filter{name} # # FILTER marks a filter as content filter, other filter # types are CLIENT-HEADER-FILTER, CLIENT-HEADER-TAGGER, # SERVER-HEADER-FILTER and SERVER-HEADER-TAGGER. # # Inside the filters, write one Perl-Style substitution (job) per line. # Jobs that precede the first FILTER: line are ignored. # # For Details see the pcrs manpage contained in this distribution. # (and the perlre, perlop and pcre manpages) # # Note that you are free to choose the delimiter as you see fit. # # Note2: In addition to the Perl options gimsx, the following nonstandard # options are supported: # # 'U' turns the default to ungreedy matching. Add ? to quantifiers to # switch back to greedy. # # 'T' (trivial) prevents parsing for backreferences in the substitute. # Use if you want to include text like '$&' in your substitute without # quoting. # # 'D' (Dynamic) allows the use of variables. Supported variables are: # $host, $listen-address, $origin (the IP address the request came # from), $path and $url. # # Note that '$' is a bad choice as delimiter for dynamic filters as you # might end up with unintended variables if you use a variable name # directly after the delimiter. Variables will be resolved without # escaping anything, therefore you also have to be careful not to chose # delimiters that appear in the replacement text. For example '<' should # be save, while '?' will sooner or later cause conflicts with $url. # ################################################################################# ################################################################################# # # js-annoyances: Get rid of particularly annoying JavaScript abuse. # ################################################################################# FILTER: js-annoyances Get rid of particularly annoying JavaScript abuse. # Note: Most of these jobs would be safer if restricted to a # )|$1never|sigU # If we allow window.open, we want normal window features: # Test: http://www.htmlgoodies.com/beyond/notitle.html # s/(open\s*\([^\)]+resizable=)(["']?)(?:no|0)\2/$1$2yes$2/sigU s/(open\s*\([^\)]+location=)(["']?)(?:no|0)\2/$1$2yes$2/sigU s/(open\s*\([^\)]+status=)(["']?)(?:no|0)\2/$1$2yes$2/sigU s/(open\s*\([^\)]+scroll(?:ing|bars)=)(["']?)(?:no|0)\2/$1$2auto$2/sigU s/(open\s*\([^\)]+menubar=)(["']?)(?:no|0)\2/$1$2yes$2/sigU s/(open\s*\([^\)]+toolbar=)(["']?)(?:no|0)\2/$1$2yes$2/sigU s/(open\s*\([^\)]+directories=)(["']?)(?:no|0)\2/$1$2yes$2/sigU s/(open\s*\([^\)]+fullscreen=)(["']?)(?:yes|1)\2/$1$2no$2/sigU s/(open\s*\([^\)]+always(?:raised|lowered)=)(["']?)(?:yes|1)\2/$1$2no$2/sigU s/(open\s*\([^\)]+z-?lock=)(["']?)(?:yes|1)\2/$1$2no$2/sigU s/(open\s*\([^\)]+hotkeys=)(["']?)(?:yes|1)\2/$1$2no$2/sigU s/(open\s*\([^\)]+titlebar=)(["']?)(?:no|0)\2/$1$2yes$2/sigU ################################################################################# # # js-events: Kill JavaScript event bindings and timers (Radically destructive! Only for extra nasty sites). # ################################################################################# FILTER: js-events Kill JavaScript event bindings and timers (Radically destructive! Only for extra nasty sites). s/(on|event\.)((mouse(over|out|down|up|move))|(un)?load|contextmenu|selectstart)/never/ig # Not events, but abused on the same type of sites: s/(alert|confirm)\s*\(/concat(/ig s/set(timeout|interval)\(/concat(/ig ################################################################################# # # html-annoyances: Get rid of particularly annoying HTML abuse. # ################################################################################# FILTER: html-annoyances Get rid of particularly annoying HTML abuse. # New browser windows (if allowed -- see no-popups filter below) should be # resizeable and have a location and status bar # s/(]+resizable=)(['"]?)(?:no|0)\2/$1$2yes$2/igU s/(]+location=)(['"]?)(?:no|0)\2/$1$2yes$2/igU s/(]+status=)(['"]?)(?:no|0)\2/$1$2yes$2/igU s/(]+scrolling=)(['"]?)(?:no|0)\2/$1$2auto$2/igU s/(]+menubar=)(['"]?)(?:no|0)\2/$1$2yes$2/igU # The and tags were crimes! # s---sigU ################################################################################# # # content-cookies: Kill cookies that come in the HTML or JS content. # ################################################################################# FILTER: content-cookies Kill cookies that come in the HTML or JS content. # JS cookies, except those used by antiadbuster.com to detect us: # s|(\w+\.)+cookie(?=[ \t\r\n]*=)(?!='aab)|ZappedCookie|ig # HTML cookies: # s|||igU ################################################################################# # # refresh-tags: Kill automatic refresh tags if refresh time is larger than 9 seconds. # ################################################################################# FILTER: refresh-tags Kill automatic refresh tags if refresh time is larger than 9 seconds. # Note: Only deactivates refreshes with more than 9 seconds delay to # preserve monster-stupid but common redirections via meta tags. # s@\2]*))?\2@)(?=\s*[^'"])+$1+isU s@([^\w\s.]\s*)((?:map)?(window|this|parent)\.?)?open\s*\(@$1PrivoxyWindowOpen(@ig s+([^'"]\s*)(?!\s*(\\n|'|"))+$1+iU ################################################################################## # # all-popups: Kill all popups in JavaScript and HTML. # ################################################################################# FILTER: all-popups Kill all popups in JavaScript and HTML. s@((\W\s*)(?:map)?(window|this|parent)\.?)open\s*\\?\(@$1concat(@ig # JavaScript #s/\starget\s*=\s*(['"]?)_?(blank|new)\1?/ notarget/ig # HTML s/\starget\s*=\s*(['"]?)_?(blank|new)\1?/ /ig # (X)HTML ################################################################################## # # img-reorder: Reorder attributes in tags to make the banners-by-* filters more effective. # ################################################################################# FILTER: img-reorder Reorder attributes in tags to make the banners-by-* filters more effective. # In the first step src is moved to the start, then width is moved to the second # place to guarantee an order of src, width, height. Also does some white-space # normalization. # # This makes banners-by-size more effective and allows both banners-by-size # and banners-by-link to preserve the original image URL in the title attribute. s|]*)\ssrc\s*=\s*(['"])([^>'" ]+)\2|]*)\ssrc\s*=\s*([^'">\\\s]+)|]+height)\s*=\s*|$1=|siUg s|'" ]*\2\|[^'">\\\s]+?))([^>]*)\s+width\s*=\s*((["']?)\d+?\5)(?=[\s>])|\\\1\s]+)\1)?[^>]*?(width=(['"]?)88\4)[^>]*?(height=(['"]?)31\6)[^>]*?(?=/?>)@\ \\\1\s]+)\1)?[^>]*?(width=(['"]?)120\4)[^>]*?(height=(['"]?)(?:600?|90|240)\6)[^>]*?(?=/?>)@\ \\\1\s]+)\1)?[^>]*?(width=(['"]?)125\4)[^>]*?(height=(['"]?)125\6)[^>]*?(?=/?>)@\ \\\1\s]+)\1)?[^>]*?(width=(['"]?)160\4)[^>]*?(height=(['"]?)600\6)[^>]*?(?=/?>)@\ \\\1\s]+)\1)?[^>]*?(width=(['"]?)180\4)[^>]*?(height=(['"]?)150\6)[^>]*?(?=/?>)@\ \\\1\s]+)\1)?[^>]*?(width=(['"]?)(?:234|468)\4)[^>]*?(height=(['"]?)60\6)[^>]*?(?=/?>)@\ \\\1\s]+)\1)?[^>]*?(width=(['"]?)240\4)[^>]*?(height=(['"]?)400\6)[^>]*?(?=/?>)@\ \\\1\s]+)\1)?[^>]*?(width=(['"]?)(?:250|300)\4)[^>]*?(height=(['"]?)250\6)[^>]*?(?=/?>)@\ \\\1\s]+)\1)?[^>]*?(width=(['"]?)336\4)[^>]*?(height=(['"]?)280\6)[^>]*?(?=/?>)@\ \\\1\s]+)\1)?[^>]*?(width=(['"]?)200\4)[^>]*?(height=(['"]?)50\6)[^>]*?(?=/?>)@\ # \1\s]*?(?:\ adclick # See www.dn.se \ | advert # see dict.leo.org \ | atwola\.com/(?:link|redir) # see www.cnn.com \ | doubleclick\.net/jump/ # redirs for doublecklick.net ads \ | counter # common \ | (?\1\s]*)\1[^>]*>\s*\\\3\s]+)\3)?[^>]*((?:width|height)\s*=\s*(['"]?)\d+?\6)[^>]*((?:width|height)\s*=\s*(['"]?)\d+?\8)[^>]*?(?=/?>)\ @\1\s]*?(?:ad(?:click|vert)|atwola\.com/(?:link|redir)|doubleclick\.net/jump/|(?\1\s]*)\1[^>]*>\s*\\\3\s]+)\3)?[^>]*?(?=/?>)@]*\s(?:width|height)\s*=\s*['"]?[01](?=\D)[^>]*\s(?:width|height)\s*=\s*['"]?[01](?=\D)[^>]*?>@@siUg ################################################################################# # # tiny-textforms: Extend those tiny textareas up to 40x80 and kill the hard wrap. # ################################################################################# FILTER: tiny-textforms Extend those tiny textareas up to 40x80 and kill the hard wrap. s/(]*?)(?:\s*(?:rows|cols)=(['"]?)\d+\2)+/$1 rows=$2\40$2 cols=$2\80$2/ig s/(]*?)wrap=(['"]?)hard\2/$1/ig ################################################################################# # # jumping-windows: Prevent windows from resizing and moving themselves. # ################################################################################# FILTER: jumping-windows Prevent windows from resizing and moving themselves. s/(?<=[\W])(?:window|this|self)\.(?:move|resize)(?:to|by)\(/''.concat(/ig ################################################################################# # # frameset-borders: Give frames a border, make them resizable and scrollable. # ################################################################################# FILTER: frameset-borders Give frames a border and make them resizable. s/(]*)framespacing=(['"]?)(no|0)\2/$1/igU s/(]*)frameborder=(['"]?)(no|0)\2/$1/igU s/(]*)border=(['"]?)(no|0)\2/$1/igU s/(]*)noresize/$1/igU s/(]*)frameborder=(['"]?)(no|0)\2/$1/igU s/(]*)scrolling=(['"]?)(no|0)\2/$1/igU ################################################################################# # # iframes: Remove all detected iframes. Should only be enabled for # individual sites after testing that the iframes are optional. # ################################################################################# FILTER: iframes Removes all detected iframes. Should only be enabled for individual sites. s@@@Uisg ################################################################################# # # demoronizer: Correct Microsoft's abuse of standardized character sets, which # leave the browser to (mis)-interpret unknown characters, with # sometimes bizarre results on non-MS platforms. # # credit: ripped from the demoroniser.pl script by: # John Walker -- January 1998, http://www.fourmilab.ch/webtools/demoroniser # ################################################################################# FILTER: demoronizer Fix MS's non-standard use of standard charsets. s/(&\#[0-2]\d\d)\s/$1; /g # per Robert Lynch: http://slate.msn.com//?id=2067547, just a guess. # Must come before x94 below. s/\xE2\x80\x94/ -- /g s/\x82/,/g #s-\x83-f-g s/\x84/,,/g s/\x85/.../g #s/\x88/^/g #s-\x89- °/°°-g s/\x8B/~-g #s-\x99-TM-g # per Robert Lynch. s/\x9B/>/g # 155 ################################################################################# # # shockwave-flash: Kill embedded Shockwave Flash objects. # Note: Better just block "/.*\.swf$"! # ################################################################################# FILTER: shockwave-flash Kill embedded Shockwave Flash objects. s|]*macromedia.*||sigU s|]*(application/x-shockwave-flash\|\.swf).*>(.*)?||sigU ################################################################################# # # quicktime-kioskmode: Make Quicktime movies saveable. # ################################################################################# FILTER: quicktime-kioskmode Make Quicktime movies saveable. s/(]*)kioskmode\s*=\s*(["']?)true\2/$1/ig ################################################################################# # # fun: Text replacements for subversive browsing fun! # ################################################################################# FILTER: fun Text replacements for subversive browsing fun! # SCNR # s/microsoft(?!\.[^\s])/MicroSuck/ig # Buzzword Bingo (example for extended regex syntax) # s* (?:industry|world)[ -]leading \ | cutting[ -]edge \ | customer[ -]focused \ | market[ -]driven \ | award[ -]winning # Comments are OK, too! \ | high[ -]performance \ | solutions[ -]based \ | unmatched \ | unparalleled \ | unrivalled \ *$0Bingo! \ *igx # For Germans only # s/(M|m)edien(?![^<]*>)/$1ädchen/Ug ################################################################################# # # crude-parental: Crude parental filtering. Use with a suitable blocklist. # Pages are "blocked" based on keyword matching. # ################################################################################# FILTER: crude-parental Crude parental filtering. Note that this filter doesn't work reliably. # (Note: Middlesex, Sussex and Essex are counties in the UK, not rude words) # (Note #2: Is 'sex' a rude word?!) s%^.*(?Blocked\

Blocked by Privoxy's crude-parental filter due to possible adult content.

%is s+^.*warez.*$+No Warez

You're not searching for illegal stuff, are you?

+is # Remove by description s@^.*\ (?:(suck|lick|tongue|rub|fuck|fingering|finger|chicks?)\s*)?\ (?:(her|your|my|hard|with|big|wet|tight|pink|hot|moist|young|teen)\s*)+\ (dicks?|penis|cocks?|balls?|tits?|pussy|cunt|clit|ass|mouth).*$\ @This page has been blocked by Privoxy's crude-parental content filter\ @is #Remove by link text s@^.*\ (download|broadband|view|watch|free|get|extreem)?\s*\ (sex|xxx|porn|cumshot|fuck(ing|s)?|anal|ass|asian|adult|Amateur|org(y|ies)|close ups?|hand?job|nail(ed)?)+\s*\ (movies?|pics?|videos?|dvds?|dvd's|links?).*$\ @This page has been blocked by Privoxy's crude-parental content filter\ @is #Remove by age disclaimer s@^.*\ (models?|chicks?|girls?|women|persons)\s*\ (who|are|were)+ (over|at least) (16|18|21) years (old|of age).*$\ @This page has been blocked by Privoxy's crude-parental content filter\ @is #Remove by regulations s@^.*(Section 2257|18 U.?S.?C.? 2257).*$\ @This page has been blocked by Privoxy's crude-parental content filter\ @is ################################################################################# # # IE-Exploits: Disable some known Internet Explorer bug exploits. # ################################################################################# FILTER: ie-exploits Disable some known Internet Explorer bug exploits. # Note: This is basically a demo and waits for someone more interested in IE # security (sic!) to take over. # Cross-site-scripting: # s%f\("javascript:location.replace\('mk:@MSITStore:C:'\)"\);%alert\("This page looks like it tries to use a vulnerability described here:\n http://online.securityfocus.com/archive/1/298748/2002-11-02/2002-11-08/2"\);%siU # Address bar spoofing (http://www.secunia.com/advisories/10395/): # s/(]*href[^>]*)(?:\x01|\x02|\x03|%0[012])@/$1MALICIOUS-LINK@/ig # Nimda: # s%%
WARNING: This Server is infected with Nimda!%g ################################################################################# # # # site-specifics: Cure for site-specific problems. Don't apply generally! # # Note: The fixes contained here are so specific to the problems of the # particular web sites they are designed for that they would be a # waste of CPU cycles (or even destructive!) on 99.9% of the web # sites where they don't apply. # ################################################################################# FILTER: site-specifics Cure for site-specific problems. Don't apply generally! # www.spiegel.de excludes X11 users from viewing Flash5 objects - shame. # Apply to: www.spiegel.de/static/js/flash-plugin.js # s/indexOf\("x11"\)/indexOf("x13")/ # www.quelle-bausparkasse.de uses a very stupid redirect mechanism that # relies on a webbug being present. Can we tolerate that? No! # Apply to: www.quelle-bausparkasse.de/$ # s/mylogfunc()//g # groups.yahoo.com has splash pages that one needs to click through in # order to access the actual messages. Let the browser do that. Thanks # to Paul Jobson for this one: # s|(?:Continue to message\|Weiter zu Nachricht)||ig # monster.com has two very similar gimmicks: # s|||i s|||i # nytimes.com triggers popups through the onload handler of dummy images # to fool popup-blockers. # s|(]*)onload|$1never|sig # Pre-check all the "Discard" buttons in GNU Mailman's web interface. # (This saves a lot of mouse aiming practice when flushing spamtraps) # s|( and tags. # ################################################################################# FILTER: no-ping Removes non-standard ping attributes in and tags. s@(]*?)\sping=(['"]?)([^"'>]+)\2([>\s]?)@\ PING!\n$1$4@ig ################################################################################# # # allow-autocompletion: Changes autocomplete="off" on form and input fields # to "on" to allow autocompletion. # ################################################################################# FILTER: allow-autocompletion Changes autocomplete="off" on form and input fields to "on" to allow autocompletion. s@(<(?:input|form|select|textarea)\s[^>]+autocomplete=)(['"]?)(?:off|0)\2@$1$2on$2@igsU ################################################################################# # # github: Removes the annoying "Sign-Up" banner and the Cookie disclaimer. # ################################################################################# FILTER: github Removes the annoying "Sign-Up" banner and the Cookie disclaimer. s@@@Uis s@(