On Fri, Nov 22, 2002 at 11:03:07PM +0100, Michael Schierl wrote: > Hi, > > Seems that I found a rather big "hole" in fproxy's anonymity filter: Fixed. I think... in current CVS (the main/development branch). > > > when you insert a file encoded in UTF16 with a proper byteorder mark at > the beginning (i.e. FFFE or FEFF), it is understood by most of the > browsers. Hmmm. Well, I have arranged for it to parse the data both as UTF16 and as UTF8 if it begins with FFFE or FFFF. It should be FFFE or FEFF? Oops. Please try to break the new filter. Anyway, I don't know how to get the byte-order right as I can't pass the byte order marker on to the java class that parses UTF16... but it works with the order you used. > > (btw it is the only way I know of using national chars that don't have a > textual entity in HTML files on Freenet at all, as charset=UTF8 meta > tags are blocked by the anonymity filter. Allowing those would be > better, I think.) Yeah, probably. I was thinking more along the lines of text/html;charset=UTF16 or text/html;charset=UTF8 - allow content types to include known charsets (which would be UTF8 and UTF16). > > Despite that, fproxy's anonymity filter lets it go through without > finding anything in it - e. g. images loaded from the web will pass > without warning. > > I inserted two sample files at > > SSK at eUBIUpjnEDHs3oUm4SlPEtQdrH0PAgM/ascii.html > SSK at eUBIUpjnEDHs3oUm4SlPEtQdrH0PAgM/unicode.html These are both flagged by the filter now. Thank you. > > Both the same "source" text, but the first one in ASCII (causes a fproxy > warning) and the second one in UTF-16 (does not cause one). > > Michael >
-- Matthew Toseland toad at amphibian.dyndns.org amphibian at users.sourceforge.net Freenet/Coldstore open source hacker. Employed full time by Freenet Project Inc. from 11/9/02 to 11/1/03 http://freenetproject.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20021127/bbe03b9b/attachment.pgp>
