The first version of the new anonymity filter is now in the development branch of CVS (build 631). It seems to more or less work. It works by parsing the whole HTML file and only passing along tags it understands; this should be much safer, and allows us to do things like rewriting web URLs to checked_http's on the fly (the page is rewritten on the fly by the filter even if it doesn't have any hostile code). Current limitations: * No CSS support. Hence CSS is blocked. Including inline style. * All comments are blocked. (will be fixed when CSS and javascript are properly sorted out). * ?date= links, and "?"'s in checked links, are blocked again (this will be fixed). * No <base href> support, this might hurt a few hand-coded sites * Plenty of other bugs and unfeatures :) * BUT ~ 99% of HTML 4.01 _IS_ implemented. On the other hand, it does seem to work with most freesites, including TFE and Cruft. By all means test it and comment on it. It should even now be safer than the old filter.
The stable branch still has the old filter. This may not have been a sensible time to do this, between the ever-imminent 0.5.1, ARKs, the fact that we need another $900 by approximately early february and a release is the best way to get it... but the latest anon filter bug pissed me off :) -- Matthew Toseland toad at amphibian.dyndns.org amphibian at users.sourceforge.net Freenet/Coldstore open source hacker. Employed full time by Freenet Project Inc. from 11/9/02 to 11/1/03 http://freenetproject.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20030101/87bc338a/attachment.pgp>
