Hi, Seems that I found a rather big "hole" in fproxy's anonymity filter:
when you insert a file encoded in UTF16 with a proper byteorder mark at the beginning (i.e. FFFE or FEFF), it is understood by most of the browsers. (btw it is the only way I know of using national chars that don't have a textual entity in HTML files on Freenet at all, as charset=UTF8 meta tags are blocked by the anonymity filter. Allowing those would be better, I think.) Despite that, fproxy's anonymity filter lets it go through without finding anything in it - e. g. images loaded from the web will pass without warning. I inserted two sample files at SSK at eUBIUpjnEDHs3oUm4SlPEtQdrH0PAgM/ascii.html SSK at eUBIUpjnEDHs3oUm4SlPEtQdrH0PAgM/unicode.html Both the same "source" text, but the first one in ASCII (causes a fproxy warning) and the second one in UTF-16 (does not cause one). Michael _______________________________________________ devl mailing list devl at freenetproject.org http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/devl
