Should we not fix the blatantly bad __OBFUSCATING_COMMENT_A (and B) too? :-)
On Mon, May 06, 2019 at 08:17:25PM -0000, k...@apache.org wrote: > Author: kb > Date: Mon May 6 20:17:25 2019 > New Revision: 1858824 > > URL: http://svn.apache.org/viewvc?rev=1858824&view=rev > Log: > HIDE_WIN_STATUS -- Limit the substring matches inside HTML tags to 1000 chars > each. Using unlimited quantifiers may take exceedingly long for the edge case > of huge text blobs containing quiet a couple "<" chars. > > > Modified: > spamassassin/trunk/rules/20_html_tests.cf > > Modified: spamassassin/trunk/rules/20_html_tests.cf > URL: > http://svn.apache.org/viewvc/spamassassin/trunk/rules/20_html_tests.cf?rev=1858824&r1=1858823&r2=1858824&view=diff > ============================================================================== > --- spamassassin/trunk/rules/20_html_tests.cf (original) > +++ spamassassin/trunk/rules/20_html_tests.cf Mon May 6 20:17:25 2019 > @@ -56,7 +56,7 @@ describe HTML_MISSING_CTYPE Message is H > ########################################################################### > # rawbody HTML tests > > -rawbody HIDE_WIN_STATUS > /<[^>]+onMouseOver=[^>]+window\.status=/i > +rawbody HIDE_WIN_STATUS > /<[^>]{1,1000}onMouseOver=[^>]{1,1000}window\.status=/i > describe HIDE_WIN_STATUS Javascript to hide URLs in browser > > rawbody __OBFUSCATING_COMMENT_A /\w(?:<![^>]*>)+\w/ >