>> On 15-May-2009, at 12:46, Adam Katz wrote: >>> uri URI_HIDDEN /.{7}\/\../
LuKreme wrote: >> That won't catch >> http://www.spammer.example.com/.../hidden-malware.asf, it will only >> catch the relative url form "../path/to/content" which SA improperly >> prefaces with "http://" >> >> uri URI_HIDDEN /.{8}\/\../ Works for me: $ echo http://www.spammer.example.com/.../hidden-malware.asf |perl -ne '$_ = "http://$_" unless m{^[a-z]+://}; print "hits\n" if /.{8}\/\../' hits $ $ echo 'href="../not/a/hidden/directory"' |perl -ne '$_ = "http://$_" unless m{^[a-z]+://}; print "hits\n" if /.{8}\/\../' $ LuKreme also wrote: > http://example.com/.hidden/directory/ > scores: 3.0 URI_HIDDEN URI: Contains a link with a hidden ... > > href="../not/a/hidden/directory" > does not match That is the desired outcome, and it works as intended.