Hi, > > I modified the ExtractText plugin to also process HTML files > > > > extracttext_external htmlcat /usr/bin/cat {} > > extracttext_use htmlcat .htm .html > > > > Quite horrible hack, as the result should be _rendered_ text. Inserting raw > HTML for all body rules is probably breaking more things than fixing. > > But yeah a "mimebody" ruletype would probably be useful..
Would you explain a bit further? Until such a ruletype exists, how do you propose we solve this javascript issue? How do we search through MIME attachments without using ExtractText? Block the resulting URI in the javascript body? I was hoping for something more generic. I realize blocking all javascript is prone to error, but what about blocking all "location.href" attempts? Or "document.write"? Am I really the only one seeing these attacks?