> Or just replace < and > with one of these set of similar looking characters
> (I think the last 2 are non-Unicode characters which can be shown in most
> browsers without prompting to download silly extra packs) ????????
Like < and >, perhaps? It doesn't matter, though. IE is going to second-guess the filetype and interpret HTML no matter what. The only way for them to be safe is to allow image/{gif/jpeg/png/bmp} (AND NO OTHERS), text/html and text/plain (which we should probably promote to HTML then htmlentityize it).

Here are the anonymity risks:

1) Image/somethingwedontrecognize <-- IE, Netscape like to load "plugins" for things it doesn't recognize. Someone could compromise the download server for something obscure (AOL .art format, for instance) then check referer documents for freenet URLs. Not sure how possible this is as I don't know what all the browsers send.

2) {video,audio}/*: As mentioned before, some formats allow redirecting to URLs at the end. Also, codec registry. Even "safe" types like .wav are overridden as soon as IE sees the first few bytes of a .wma file, and dumps it into media player. Safest bet: squash into application/octet-stream (force download).

3) CSS: There are only a few ways to specify a URI in standard CSS, so we should be able to filter that type safely.

4) text/plain <-- mangle as described above. Too many risks, and the end-user experience will be the same. (Wrap in <pre></pre> for good measure.)

5) text/html: We do a good job on this, with a few small loopholes.

"But it shouldn't be in freenet!" I agree, 110%. Fproxy should spin into its own side project, hooked into freenet ONLY via the FCP port. This conveniently means that any "internal" hooks (Build #, etc) would have to be exposed to other toolwriters.

--Dan

_______________________________________________
devl mailing list
devl at freenetproject.org
http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/devl
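One way to express the whitelist policy laid out in the message above (safe image types pass through, text/plain is entity-escaped and wrapped in <pre>, CSS has its URI forms stripped, audio/video and anything unrecognised is squashed to application/octet-stream as a forced download). This is an added example in Python, not code from the thread or from Fproxy; the HTML filter the message says already exists is assumed to be supplied by the caller as `html_filter`, and the nosniff header is a later browser mechanism the thread did not have.

```python
import html
import re
from typing import Callable, Optional

# Policy taken from the message above (table constructed for this example).
SAFE_IMAGES = {"image/gif", "image/jpeg", "image/png", "image/bmp"}
FORCE_DOWNLOAD = "application/octet-stream"

# Standard CSS carries URIs in url(...) tokens and @import rules; remove both.
CSS_URL = re.compile(r"url\s*\([^)]*\)", re.IGNORECASE)
CSS_IMPORT = re.compile(r"@import[^;]*;?", re.IGNORECASE)


def normalise_type(content_type: str) -> str:
    """Lower-case the media type and drop parameters such as charset."""
    return content_type.split(";", 1)[0].strip().lower()


def filter_response(content_type: str, body: bytes,
                    html_filter: Optional[Callable[[bytes], bytes]] = None):
    """Return (content_type, body, extra_headers) after applying the policy."""
    mtype = normalise_type(content_type)
    # Ask browsers that honour it not to second-guess the declared type
    # (a later mechanism, not something available to the thread).
    headers = {"X-Content-Type-Options": "nosniff"}
    if mtype in SAFE_IMAGES:
        return mtype, body, headers
    if mtype == "text/plain":
        # Promote to HTML, entity-escape everything, wrap in <pre>.
        escaped = html.escape(body.decode("utf-8", errors="replace"), quote=True)
        return "text/html", f"<pre>{escaped}</pre>".encode("utf-8"), headers
    if mtype == "text/css":
        css = body.decode("utf-8", errors="replace")
        css = CSS_IMPORT.sub("", CSS_URL.sub("url()", css))
        return mtype, css.encode("utf-8"), headers
    if mtype == "text/html" and html_filter is not None:
        # The existing HTML filter is assumed to be passed in as html_filter.
        return mtype, html_filter(body), headers
    # audio/*, video/*, unknown types, or HTML with no filter available:
    # squash to octet-stream so the browser downloads the bytes instead of
    # handing them to a plugin or media player that may phone home.
    headers["Content-Disposition"] = "attachment"
    return FORCE_DOWNLOAD, body, headers
```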