* Cedric Duval <[EMAIL PROTECTED]> [2002-03-19 09:43:57 +0100]: >John Buttery said: >> * "Carl B. Constantine" <[EMAIL PROTECTED]> [2002-03-18 08:43:58 -0800]: >> >all I get at this page is the following: >> > >> ><HEAD><DEFANGED_META HTTP-EQUIV="REFRESH" CONTENT="0" >URL="http://cedricduval.free.fr/mutt/";></HEAD> >> > >> >that is displayed in NS 6.2.1 (solaris). >> >> You have a proxy server that is "defanging" tags for you (to protect >> from malicious META headers, Javascript, yadda yadda). > >Really, is there some content that could be seen as "malicious" in this >page? > >It passes all W3C validator checks, and there is no javascript, so there >should be no problem (here, at least, it works well with Mozilla 0.9.8, >NS 4.7, Dillo and lynx) > >That's what I thought at first: a temporary overloaded server. ;) >But you're right, it must be a proxy problem on Carl's side. (and it is >merely OT here)
Well, the heuristic is probably "any meta tag". :) But yeah, that's
what it is. I have a procmail-based filter that does the same thing to
HTML email; that's how I recognized it. It disables potentially
dangerous code by changing its leading tag to DEFANGED_*.
--
------------------------------------------------------------------------
John Buttery
(Web page temporarily unavailable)
------------------------------------------------------------------------
msg25707/pgp00000.pgp
Description: PGP signature
