John Hardin wrote:
On Mon, 2004-02-23 at 10:03, Aleksander Adamowski wrote:Agreed, but ideally HTML::Parser (or whatever parses those font tags) should be made resistant to such simple attacks. Mozilla and IE correctly interpret the color attribute of that mangled tag, so Perl HTML::Parser should too...
More specifically, when there's a dangling attribute value like this in HTML source:
<font color=
#feefea>
Hmm.
Perhaps SA should have a test similar to the URI test, named perhaps
"tag", that matches a single markup tag with all line breaks removed,
obfuscation encodings decoded, whitespace collapsed, etc...
BTW I've notice that mu MUA has snipped the trailing space, so those samples of font tag were identical. The problematic font tag has a line break instantly after "color=" in the original spam message, and this fools the HTML parser.
--
Best Regards,
Aleksander Adamowski
GG#: 274614
ICQ UIN: 19780575 http://olo.ab.altkom.pl
