On Saturday 03 Mar 2012 19:05:22 Dennis Nezic wrote:
> On Sat, 3 Mar 2012 13:27:19 -0500, Juiceman wrote:
> > On Sat, Mar 3, 2012 at 9:22 AM, Jep <j...@jep-z11.xs4all.nl> wrote:
> > 
> > > There is no way to include a simple counter on a web page in
> > > Freenet as far as I can see.
> > >
> > > It would require some kind of scripting that the content filter
> > > would allow I reckon. Is it feasible to implement such? A strict
> > > method the filter allows, perhaps, writing to a log file within the
> > > freesite container.
> > >
> > >
> > > Another thing, not very important but still. The content filter
> > > strips out anything that would make favicons work. For instance,
> > > rel="shortcut icon" is not accepted.
> > > I can't see how 'local' favicons, icons within the freesite, could
> > > be a danger to anonymity, so if that limitation could be taken out
> > > of the filter? Allowing just /favicon.ico would do the trick.
> > >
> > > Is there any documentation on the FN content filter?
> > >
> > 
> > I believe .ICOs are blocked due to a Microsoft vulnerability.
> > Something about a divide-by-zero overflow.  Ah, here it is.
> > http://www.kb.cert.org/vuls/id/290961
> > 
> > Quote from the page:
> > "There is an integer division by zero vulnerability in the way the ICO
> > parsing component of GDI+ (Gdiplus.dll) handles ICO files with a
> > Height value of zero in the
> > InfoHeader section of the ICO file. By introducing a specially
> > crafted ICO file to the vulnerable component, a remote attacker could
> > trigger an integer division by zero denial-of-service condition."
> > 
> > 
> > I imagine a simple filter could be written that checks that none of
> > the dimensions are declared "0".  Of course, I can say it's simple
> > because I am not the one coding it  ;-)  .
> 
> Aren't there tonnes of these kinds of bugs... ie. I don't think it's
> Freenet's responsibility to manage all the other possibly bugged
> packages on one's system. If anyone is using such a bugged version of
> Microsoft, they'll get screwed no matter what bandaids Freenet tries to
> apply.

True, but Freenet needs to be reasonably secure by default, provided it is 
straightforward to implement. A .ICO filter is planned eventually.

_______________________________________________
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
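
The dimension check suggested in the thread, sketched as an added example (this is not Freenet's content filter and not code from any poster). It assumes the standard ICO layout of a 6-byte ICONDIR, 16-byte directory entries and a 40-byte BMP InfoHeader per image; `check_ico` and `build_ico` are hypothetical names, and the sample files are constructed inline.

```python
import struct

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

def check_ico(data: bytes) -> list:
    """Return reasons to reject the file; an empty list means it passed."""
    if len(data) < 6:
        return ["truncated ICONDIR"]
    reserved, kind, count = struct.unpack_from("<HHH", data, 0)
    if reserved != 0 or kind != 1 or count == 0:
        return ["not an ICO file"]
    dir_end = 6 + 16 * count
    if len(data) < dir_end:
        return ["truncated directory"]
    problems = []
    for i in range(count):
        # The width/height bytes of the directory entry are not checked:
        # there a 0 legitimately means 256 pixels. Only size and offset are read.
        size, offset = struct.unpack_from("<II", data, 6 + 16 * i + 8)
        if offset < dir_end or offset + size > len(data):
            problems.append(f"entry {i}: image data out of bounds")
            continue
        image = data[offset:offset + size]
        if image.startswith(PNG_MAGIC):
            continue  # PNG-encoded entry: no InfoHeader, left to a PNG filter
        if len(image) < 40 or struct.unpack_from("<I", image)[0] != 40:
            problems.append(f"entry {i}: missing 40-byte InfoHeader")
            continue
        width, height = struct.unpack_from("<ii", image, 4)
        # Zero is the value the advisory names; negatives are rejected too,
        # as a conservative choice of this example.
        if width <= 0 or height <= 0:
            problems.append(f"entry {i}: InfoHeader dimensions {width}x{height}")
    return problems

def build_ico(width: int, height: int, dir_dim: int = 16) -> bytes:
    """Constructed sample: one 1-bpp BMP entry with the given InfoHeader size."""
    info = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 1, 0, 0, 0, 0, 0, 0)
    image = info + b"\x00" * 16  # placeholder palette and pixel bytes
    entry = struct.pack("<BBBBHHII", dir_dim, dir_dim, 0, 0, 1, 1, len(image), 22)
    return struct.pack("<HHH", 0, 1, 1) + entry + image

if __name__ == "__main__":
    for name, blob in [("valid 16x16", build_ico(16, 32)),
                       ("zero height", build_ico(16, 0))]:
        print(name, "->", check_ico(blob) or "ok")
```

The check reads the InfoHeader rather than the directory entry because a zero in the directory's width or height byte is valid, so rejecting zeros there would block legitimate 256-pixel icons while missing the field the advisory describes.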