Andrew's Security Filter(s) v5.62 (May 10, 2009)

[z12]

Nice to see an update to this filter.
Here's a couple of things I noticed.

When the noscript and iframe tags match, the tags attributes are inlcuded inside the textarea tag.
It can make for a rather odd looking textarea replacement tag, especially with the iframe tag.
Perhaps the filter should match & replace the entire tag when replacing with a textarea tag.

There seems to be a problem with bypassing.
Add this code to the top of "Andrew's Security Filter v5.57" web filter:

Code:

$SET(bypassing=1)$SET(a_applet=1)$SET(a_object=1)
$SET(a_embed=1)$SET(a_noscript=1)$SET(a_iframe=1)

In the log window, test code:

Code:

</applet></object></embed></noscript></iframe>

Log window matching code:

Code:

</foo></foo></foo></textarea></textarea>

These shouldn't match when bypassed.
I find Notepad++ to be very useful for making sure parenthesis match the desired code.

Is $STOP() even needed now? Stopping at the end of the page probably won't speed things up.
I can see $STOP being useful when bypassing=1.

Also, the js is not injected if not bypassing and no matches occured on the page.
Is this intentional?

z12

[Kye-U]

Thanks! I have fixed the parenthesis problem, and also updated the matching/replacement expressions for iframes and noscripts (textarea).

$STOP() is still needed as it prevents the filter from going into an infinite loop.

Yes, that is intentional. If the page has no tags to remove, then the js is not injected on the page

[z12]

Kye-U Wrote:$STOP() is still needed as it prevents the filter from going into an infinite loop.

ahhh...I see.
I have an end filter that does the same. Don't know why that didn't occur to me.

Kye-U Wrote:If the page has no tags to remove, then the js is not injected on the page

Makes sense. The $GET(bypassing) is what got me wondering.
It's been awhile since I looked at the js.

FYI, I found a page where a mouseEvent got passed \son[a-z]+=.
There was no space after the preceding attribute, just the closing quote character.
I'm now using [^a-z] instead of \s.
Haven't noticed any speed degradation.

z12

[Kye-U]

I spent half of July testing the filter out, seems to be working fine, so I have updated it yet again with the only change being the [^a-z]on[a-z]+=.

[Ivo_Urrutia]

This filter works me very well. Thank you!

[usr]

Thanks for the update

[soccerfan]

Thanks for this filter set.
I've been using it for several months now. Very nice.
Any updates in the offing?

[Kye-U]

I plan on improving the "interface" (the Allow, Bypass, Clean buttons => I'll try to make it so they're less intrusive), and to see if I can optimize the filters further.
I want to make it similar to NoScript, how you can choose to add a site/path to the whitelist automatically unlike how this filter works currently, redirecting you to a page and redirecting you back to the original page. (actually, I just got a brainwave just now)

An update is inevitable

Thanks for all the comments!

EDIT: Just got a chance to review the filters/script, and I'd have to say, it works pretty darn well. Still, I'll try to improve the interface/script/filters and see if I can make it easier to add a site/path to the whitelist (but this depends on how easy it is to make sure there are no duplicates). I don't see much I can optimize in the filters.

[soccerfan]

Yes, the filters have worked really well for me
and I have stopped using noscript (in k-meleon).

[Kye-U]

New things that will be in version 5.60:

-iframe dynamically generated when whitelisting a path/host (instead of going to a separate page and then redirecting back to the original page)
-ability to filter external scripts individually (so if you whitelist lifehacker.com, external scripts (hosted on a different domain) won't be loaded unless you allow them to load. E.g.: edge.quantserve.com is an external script called by lifehacker.com. I think I'll need to create a separate whitelist for this feature to work properly...)
--JavaScript function to remove duplicate external hosts has been implemented
-there were some sites that had elements with an "onclick" attribute without any actual "offensive" elements (script, iframe, embed, etc), causing the "A B" boxes to appear with a blank counter box
-touch-ups on the interface (to make it more compact)
-you no longer need to click exactly on the checkbox for the tags, you can click on the label and it will check the respective checkbox (or uncheck)

[Kye-U]

v5.60 released! I've updated the screenshots as well.

The key logic behind the new third-party script detection/removal is that if you add lifehacker.com to the whitelist, this does not mean the included edge.quantserve.com JavaScript file on lifehacker.com pages is allowed (it will continue to be removed), whereas all "on-domain" scripts will be allowed. In previous versions, this was not the case.

You're also able to allow off-domain scripts individually by clicking on the green A button and clicking on "Allow" beside the domain you want to allow.

The thing that I can see being the main focus in the next release is the interface design and colours. As you can see, it's quite simple (which is good). I'll be playing around with the stylesheet to make it more attractive.

EDIT: I notice IE is the only browser not playing nicely (e.g. not displaying properly). I will sort this out. It displays and works properly in Opera, Firefox, Chromium, Safari (and probably all other non-IE browsers).
EDIT 2: There, IE should play nicely with this filter now. I've also snuck in some minor interface changes (right-aligned text for the status hoverover, and left-aligned the "Host/Path" buttons)).

[Kye-U]

May 9, 2009 - Version 5.61

• off-domain scripts will now continue to be filtered even if all tags (e.g.: .ALL.) have been allowed for a host/path
• minor CSS modifications to make interface more consistent across sites
• simplification/clean-up of filter and JavaScript, fixing minor issues
  

[Kye-U]

May 10, 2009 - Version 5.62

• if removal of scripts is not whitelisted for a site, then any javascript in the href attribute for <a> tags is removed (e.g.: jalert('hi'); )
  

(I hope this is the last update for a while since I'm self-conscious about releasing "too-frequent" updates)

[lnminente]

Don't worry for updating frequently, each time we see an update we see something wich can help us in other filters too I want to end testing some things, polish a bit my config and try your filters, looks so good

[usr]

Thanks for the update, very nice