Threaded Mode | Linear Mode

Toppy · Jul. 26, 2010, 01:27 AM

Hi,

More and more blogs, forums, etc are making use of reCaptcha's on their pages using the iFrame method.

One such example : http://hacks.mozilla.org/2010/07/firefox...rl-object/

Is it somehow possible to configure the sidki filters so that iFrame's are allowed only if there's a recaptcha detected inside it ?

Thanks.

***sidki3003*** · (This post was last modified: Jul. 26, 2010 03:56 PM by sidki3003.)

I currently have no good idea, maybe someone else has...

Anyway, a good practice is to collect a couple of examples, to see if the captcha is always coded the same way:
At hacks.mozilla.org it's actually a script writing a div. Only if JS is turned off in the browser (Plan B), an iframe is written. (Hence a noscript filter is kicking in.)

I'd suggest you bypass the respective blogs for now by adding entries into your user exception list, like:

Code:

hacks.mozilla.org/   $SET(1=iframe_b:0.)

...and once you've found a couple, we rethink the issue. If it's always implemented the same way, one could for instance hardcode an exception for api.recaptcha.net into the noscript filter (although this wouldn't be a nice solution).

bugger · Jul. 26, 2010, 10:15 PM

from documentation here @ http://code.google.com/apis/recaptcha/docs/display.html

there lots of methods, two major are non js and js method(ajax)

then there is plugins for specific platforms, namely php, asp.net, classic asp, java/jsp, perl, wordpress, mediawiki, phpbb, formMail etc

***sidki3003*** · Aug. 01, 2010, 01:04 PM

Thanks bugger, but we don't need to wade through all methods, because a problem only arises if offsite iframes are involved.

If Toppy - or any one else for that matter - comes across further affected sites, i'll try to do something about it. Otherwise people may add respective bypass entries to their user exception lists.

***sidki3003*** · Aug. 29, 2010, 04:50 PM

OK, i've found six more sites, that's sufficient...

Below filter is for the alpha config only:

Code:

[Patterns]

Name = "<script> Remove: Ad Scripts - Noscript     10.08.29 (multi) [sd] (d.2 l.3)"

Active = TRUE

Multi = TRUE

URL = "$TST(hCT=*html)$TST(flag=*.adurl:1.*)(^$TST(keyword=*.(a_js|i_noscr:[12]|i_level:[12]).*))"

Limit = 20000

Match = "$NEST(<script(^$TST(tNoscript=1+void)|$TST(comment=2))$TST(script=1*),>)( $NEST(<script,>))+"

        "$INEST(<script,</script)</script(*>)+{1}"

        "([ \t\r]+(\n[ \t\r]+)+{0,2}$NEST(<script,>)( $NEST(<script,>))+$INEST(<script,</script)</script*>)+"

        " ($NEST(<noembed,</noembed >) )+($NEST(<!--,-- >) )+"

        "("

        "<noscript(*>)+{1}$SET(tNoscript=$GET(tNoscript)void)"

        " (^<(/noscript|html|body|frameset?+{1024}))\4</noscript >"

        ")\5"

        ""

        "&$TST(\4="

        "(^$TST(keyword=*.(a_track|i_noscr:3).*))"

        "(<(div|p(^[a-z]))\8(*>)+{1} |($NEST(<!-(-)\8,-- >) )+)"

        "(<img(*>&&("

        "(*width(=\\+"+| :) ([#*:4])\6*&&*height(=\\+"+| :) ([#*:4])\7$SET(9=Webbug \8 \6x\7)*)"

        "|(^*(width [=:]|src=$AV(*.jpe+g))|(*src=$AV(*.gif)&*(alt=$AV(?*)|usemap=)))$SET(9=Webbug \8 nodim)*"

        ")) )+{1,*}(^?+{100})*"

        "|<iframe($TST(flag=*.iframe_b:\2.*)|)("

        "$TST(\2=[12])|(^$TST(\2=0))[^>]++src=$AV("*|[^/.]+//(^"

        "api.recaptcha.|www.google.com/recaptcha/|"

        "([^/]++.|)$TST(uDom)(^.))*|*.swf*))$SET(9=iFrame)*"

        "|(*\s(src|href|action|data)\3=)++{1,2}$AV( $LST(AdList)*)*"

        "&"

        "($TST(script=1*1*)|*<(frameset|iframe)\6$SET(script=void))"

        "$SET(2=<script type="text/javascript">/*\r\n\tPROX: Empty script"

        " left in place to keep the noscript \6.\r\n*/</script>\r\n\5)"

        "|($TST(tNoscript=(1*)\2void)$SET(tNoscript=\2)|$SET(tNoscript=))$SET(script=)$SET(2=)"

        ")"

        ""

        "&"

        "$SET(eAdJS=$GET(eAdJS)"

        "%3Cspan class=%22Pr0xFly-Span%22%3E$GET(mHead) Noscript:%3C/span%3E"

        "  $ESC(\9)%3Cbr class=%22Pr0xFly-Br%22 /%3E"

        ")"

        "$SET(1=$TST(keyword=(^$TST(tFrameset=*))*.i_level:5.*)"

        "<span class="Pr0x Pr0xAdScript" style="display:$GET(displayD)">"

        "&#8226;&#160;JS Ad Noscript: \9</span>"

        ")"

        "($TST(volat=*.log:2*)$ADDLST(Log-Main,[$DTM(d T)]\tWEB JS_Ad_HTM noscript \3 \t\9 \t\u)|)"

Replace = "\1<!-- PROX: Script removed - Noscript Ad: \9 -->\r\n\2"

fpout · Sep. 01, 2010, 01:31 PM

Short feedback :
. the above new Noscript filter seems to work perfectly, at least on http://hotfile.com/dl/, which didn't work for me before. I couldn't download unless the "noscript" filter was unticked, even with ? hotfile.com/dl/ $SET(0=i_noscr:2.)? in "Exceptions-U".

Thank you, Sidki.

***sidki3003*** · (This post was last modified: Sep. 02, 2010 04:38 PM by sidki3003.)

Thanks for the feedback, i didn't realize this side effect.
(I also have a (http://www.|)hotfile.com/dl/ entry in my Exceptions.ptxt.)