Re: Defanged HTML headers [WAS: Re: [Announce] Mutt 1.3.28 (BETA) is out.]
* Cedric Duval ([EMAIL PROTECTED]) wrote:
> John Buttery said:
> > * Carl B. Constantine [EMAIL PROTECTED] [2002-03-18 08:43:58 -0800]:
> > > HEADDEFANGED_META HTTP-EQUIV=REFRESH CONTENT=0 URL=http://cedricduval.free.fr/mutt/;/HEAD
>
> Really, is there some content that could be seen as malicious in this page?

Yes. The 0 means the refresh is instantaneous, which breaks the back button on most browsers. This is why HTTP supports redirection; meta refresh is a lame-ass hack, and should be avoided, especially in these circumstances.

-- Thomas 'Freaky' Hurst - [EMAIL PROTECTED] - http://www.aagh.net/ - Tip of the Day: Never fry bacon in the nude.
Re: Defanged HTML headers [WAS: Re: [Announce] Mutt 1.3.28 (BETA) is out.]
Thomas Hurst said:
> > HEADDEFANGED_META HTTP-EQUIV=REFRESH CONTENT=0 URL=http://cedricduval.free.fr/mutt/;/HEAD
> >
> > Really, is there some content that could be seen as malicious in this page?
>
> Yes. The 0 means the refresh is instantaneous, which breaks the back button on most browsers. This is why HTTP supports redirection; meta refresh is a lame-ass hack, and should be avoided, especially in these circumstances.

Yes, indeed. But on this page, there are only _two_ META tags:

meta http-equiv=content-type content=text/html; charset=iso-8859-1
meta name=author content=Cedric Duval

The first is required for valid html, and the second... well, while certainly useless, I don't think it will do much harm.

If you see a meta refresh somewhere, it does not originate from my code, but from _your_ proxy.

-- Cedric
Re: Defanged HTML headers [WAS: Re: [Announce] Mutt 1.3.28 (BETA) is out.]
On Mar 18, John Buttery [[EMAIL PROTECTED]] wrote:
> * Carl B. Constantine [EMAIL PROTECTED] [2002-03-18 08:43:58 -0800]:
> > all I get at this page is the following:
> >
> > HEADDEFANGED_META HTTP-EQUIV=REFRESH CONTENT=0 URL=http://cedricduval.free.fr/mutt/;/HEAD
> >
> > that is displayed in NS 6.2.1 (solaris).
>
> You have a proxy server that is defanging tags for you (to protect from malicious META headers, Javascript, yadda yadda). You need to remove the DEFANGED_ so it just says ...META ... and it will redirect properly. Or you could just hit that URL it lists there directly and skip the redirection altogether. :)

The version of Carl's mail that I saw did not have the defanged prefix. Are you sure your proxy isn't doing this for you in his incoming mail?
Re: Defanged HTML headers [WAS: Re: [Announce] Mutt 1.3.28 (BETA) is out.]
John Buttery said:
> * Carl B. Constantine [EMAIL PROTECTED] [2002-03-18 08:43:58 -0800]:
> > all I get at this page is the following:
> >
> > HEADDEFANGED_META HTTP-EQUIV=REFRESH CONTENT=0 URL=http://cedricduval.free.fr/mutt/;/HEAD
> >
> > that is displayed in NS 6.2.1 (solaris).
>
> You have a proxy server that is defanging tags for you (to protect from malicious META headers, Javascript, yadda yadda).

Really, is there some content that could be seen as malicious in this page? It passes all W3C validator checks, and there is no javascript, so there should be no problem (here, at least, it works well with Mozilla 0.9.8, NS 4.7, Dillo and lynx)

> -- John Buttery (Web page temporarily unavailable)

That's what I thought at first: a temporary overloaded server. ;)

But you're right, it must be a proxy problem on Carl's side. (and it is merely OT here)

-- Cédric
Re: Defanged HTML headers [WAS: Re: [Announce] Mutt 1.3.28 (BETA) is out.]
* Cedric Duval [EMAIL PROTECTED] [2002-03-19 09:43:57 +0100]:
> John Buttery said:
> > * Carl B. Constantine [EMAIL PROTECTED] [2002-03-18 08:43:58 -0800]:
> > > all I get at this page is the following:
> > >
> > > HEADDEFANGED_META HTTP-EQUIV=REFRESH CONTENT=0 URL=http://cedricduval.free.fr/mutt/;/HEAD
> > >
> > > that is displayed in NS 6.2.1 (solaris).
> >
> > You have a proxy server that is defanging tags for you (to protect from malicious META headers, Javascript, yadda yadda).
>
> Really, is there some content that could be seen as malicious in this page? It passes all W3C validator checks, and there is no javascript, so there should be no problem (here, at least, it works well with Mozilla 0.9.8, NS 4.7, Dillo and lynx)
>
> That's what I thought at first: a temporary overloaded server. ;)
>
> But you're right, it must be a proxy problem on Carl's side. (and it is merely OT here)

Well, the heuristic is probably any meta tag. :) But yeah, that's what it is. I have a procmail-based filter that does the same thing to HTML email; that's how I recognized it. It disables potentially dangerous code by changing its leading tag to DEFANGED_*.

-- John Buttery (Web page temporarily unavailable)
Defanged HTML headers [WAS: Re: [Announce] Mutt 1.3.28 (BETA) is out.]
* Carl B. Constantine [EMAIL PROTECTED] [2002-03-18 08:43:58 -0800]:
> all I get at this page is the following:
>
> HEADDEFANGED_META HTTP-EQUIV=REFRESH CONTENT=0 URL=http://cedricduval.free.fr/mutt/;/HEAD
>
> that is displayed in NS 6.2.1 (solaris).

You have a proxy server that is defanging tags for you (to protect from malicious META headers, Javascript, yadda yadda). You need to remove the DEFANGED_ so it just says ...META ... and it will redirect properly. Or you could just hit that URL it lists there directly and skip the redirection altogether. :)

-- John Buttery (Web page temporarily unavailable)
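
The tag renaming discussed in this thread, sketched as an added Python example (it is not the procmail filter or the proxy the posters mention). The tag list, function names and sample markup are assumptions constructed for illustration; the block shows why the redirect stops working once the tag is renamed and why a harmless author tag is renamed as well when the rule is "any meta tag".

```python
import re
from html.parser import HTMLParser

# Assumed tag list; the thread does not show the proxy's or the filter's rules.
RISKY_TAGS = ("meta", "script", "iframe", "object", "embed")
_OPEN = re.compile(r"<(%s)(?=[\s/>])" % "|".join(RISKY_TAGS), re.IGNORECASE)
_REFRESH = re.compile(r"\s*(\d+(?:\.\d*)?)\s*[;,]?\s*(?:url\s*=\s*)?(.*)", re.I | re.S)

# Constructed sample: an instant redirect, a harmless author tag, a script.
SAMPLE = ('<HEAD><META HTTP-EQUIV="REFRESH" CONTENT="0; URL=http://example.org/mutt/">'
          '<meta name="author" content="Example"><script>track()</script></HEAD>')


def defang(html):
    """Prefix risky opening tags with DEFANGED_ so clients no longer act on them."""
    return _OPEN.sub(lambda m: "<DEFANGED_" + m.group(1), html)


class _Tags(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))  # names arrive lowercased


def start_tags(html):
    parser = _Tags()
    parser.feed(html)
    parser.close()
    return parser.tags


def meta_refreshes(html):
    """Return (delay_seconds, target_url_or_None) for each live meta refresh."""
    found = []
    for tag, attrs in start_tags(html):
        if tag != "meta" or (attrs.get("http-equiv") or "").lower() != "refresh":
            continue
        m = _REFRESH.match(attrs.get("content") or "")
        if m:
            found.append((float(m.group(1)), m.group(2).strip(" '\"") or None))
    return found


if __name__ == "__main__":
    print(meta_refreshes(SAMPLE))          # live redirect before filtering
    print(defang(SAMPLE))                  # every listed tag renamed
    print(meta_refreshes(defang(SAMPLE)))  # nothing left for a client to follow
```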