Dallas L. Engelken writes:
> > -----Original Message-----
> > From: Loren Wilton [mailto:[EMAIL PROTECTED] 
> > Sent: Wednesday, March 08, 2006 03:09
> > To: [email protected]
> > Subject: Re: move "full" rule functionality into a default-off plugin
> > 
> > Let me suggest that this is a *REALLY* *BAD* idea.
> > No, make that "an *EXCEPTIONALLY* *AWFUL* idea".
> > 
> > Rawbody rules are useless for 80% of the things they should 
> > detect because they only handle one line at a time, and 
> > spammers 5 years ago learned they can break HTML over two 
> > lines and disable all useful HTML checks that aren't evals.
> > 
> > Dallas's stuff that would get around this is hung up in 
> > review because Michael either dislikes the idea of useful 
> > rules, or insists they have to be plugins, or noticed that it 
> > fixes the rawbody rule problem and makes them useful, so is 
> > against it.
> 
> If nothing else, I am for simply changing the way rawbody rules are
> evaluated... Because the current line by line evaluation is too
> restrictive, and using a handful of rules and meta'ing them together to
> match something that wraps across multiple lines is kludgy at best.

That is definitely a good idea.

Are there any rawbody rules left anywhere that this would break? I think
it's likely to be only an improvement.

It does introduce the danger of algorithmic complexity attacks
if .* is used instead of .{0,20} though -- but we may be able to help
this if we spot that kind of thing in --lint.

--j.
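
An added illustration of the two points raised in this thread, not code from any of the posters or from SpamAssassin: a lint-style check in Python that flags unbounded quantifiers (`*`, `+`, `{n,}`) in rawbody rules, and a comparison of per-line and whole-body matching on an HTML tag split across two lines. The rule names, patterns, message body and function names are constructed for the example, and Python's `re` stands in for Perl regexes.

```python
import re

# Constructed rules ("rawbody NAME /regex/flags"); names and patterns are invented.
SAMPLE_RULES = r"""
rawbody  EX_HIDDEN_FONT   /<font[^>]{0,40}size=["']?0/i
rawbody  EX_GREEDY_TAG    /<a\s.*href=.*\.example\//is
rawbody  EX_OPEN_REPEAT   /(?:&nbsp;){5,}\s+buy/i
rawbody  EX_LITERAL_STAR  /price\s[*]{3}\.\*/
"""
RULE_RE = re.compile(r"^\s*rawbody\s+(\S+)\s+/(.*)/([a-z]*)\s*$")

def unbounded_quantifiers(pattern):
    """List the unbounded quantifiers (*, +, {n,}) in a regex body, skipping
    escaped characters and [...] classes (a leading literal ']' is not handled)."""
    found, i, in_class = [], 0, False
    while i < len(pattern):
        c = pattern[i]
        if c == "\\":            # escaped char: skip it and the next one
            i += 2
            continue
        if in_class:
            in_class = c != "]"
        elif c == "[":
            in_class = True
        elif c in "*+":
            found.append(c)
        elif c == "{" and (m := re.match(r"\{\d+,\}", pattern[i:])):
            found.append(m.group(0))
        i += 1
    return found

def lint_rawbody(config_text):
    """Map rule name -> unbounded quantifiers, for rawbody rules that have any."""
    rules = (RULE_RE.match(line) for line in config_text.splitlines())
    found = {m.group(1): unbounded_quantifiers(m.group(2)) for m in rules if m}
    return {name: q for name, q in found.items() if q}

# Constructed body: the <font> tag is split across two lines.
BODY = '<p>hello</p>\n<font color="#fff"\n size=0>hidden</font>\n'
FONT_RE = re.compile(r"""<font[^>]{0,40}size=["']?0""", re.I)

def hits_per_line(regex, body):      # line-by-line evaluation, as criticised above
    return any(regex.search(line) for line in body.splitlines())

def hits_whole_body(regex, body):    # one match over the whole raw body
    return regex.search(body) is not None

if __name__ == "__main__":
    print(lint_rawbody(SAMPLE_RULES))
    print(hits_per_line(FONT_RE, BODY), hits_whole_body(FONT_RE, BODY))
```

The bounded rule `EX_HIDDEN_FONT` passes the check and still matches the split tag when run over the whole body, while the two rules with open-ended repetition are the ones reported.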
