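#!/bin/sh
# Anomy sanitizer regression fixture: HTML defanging.
#
# Usage:   ANOMY=<install root> [SAN_CONF=<extra sanitizer args>] sh <this script> [-h]
# Outputs: test.out (sanitizer stdout) and test.log (sanitizer stderr) in the
#          current directory; both are removed and recreated on every run.
#
# The same multipart message is piped through $ANOMY/bin/sanitizer.pl twice,
# once with feat_webbugs = 0 and once with feat_webbugs = 1, and both runs are
# appended to the same two files. The script makes no pass/fail decision of
# its own; presumably the caller compares test.out and test.log against
# expected output (confirm against the test harness).
#
# What the fixture exercises, as visible in the message below:
#   - markup in a header (the Subject line carries an <applet ...> tag);
#   - a text/plain part named html-test.txt, which matches file_list_2
#     ('(?i)\.txt$', policy accept), holding active-content tags
#     (meta refresh, style, applet, a commented-out script, object, embed,
#     frame, iframe, layer, ilayer, form, link), img src/dynsrc references
#     to a remote host, &{...}; entities, a "mocha:" and a "javascript:" URL,
#     on* event-handler attributes, an attribute glued to the preceding
#     quoted value, and a '>' inside a quoted attribute value.
#
# Both here-documents use a quoted delimiter, so the shell passes them through
# literally. The message is hostile markup by design; with an unquoted
# delimiter any '$', backquote or backslash later added to it would be
# expanded or executed by the shell instead of reaching the sanitizer.

# NOTE(review): printing the help text does not stop the script; the test
# still runs afterwards. Presumably the harness relies on that - confirm.
[ "$1" = "-h" ] && cat <<'tac'

This example tests the following features of the sanitizer:

 - HTML defanging in headers
 - HTML defanging in text/ parts

tac

rm -f test.log test.out
touch test.log test.out

# ANOMY must name the Anomy install root; when it is unset the command path
# below resolves to /bin/sanitizer.pl. It is quoted so that a root directory
# containing whitespace still resolves to a single path.
# SAN_CONF stays unquoted on purpose: it is assumed to hold zero or more extra
# sanitizer arguments that must be word-split (confirm against the harness).
for WB in 0 1; do
  # shellcheck disable=SC2086
  "$ANOMY/bin/sanitizer.pl" -nofprot $SAN_CONF \
    'file_list_1 = (?i)evil$' 'file_list_1_policy = mangle' \
    'header_rev = 0' \
    "feat_testing = 1" \
    'feat_log_inline = 2' \
    'file_list_2_policy = accept' \
    'file_list_2 = (?i)\.txt$' \
    "feat_webbugs = $WB" \
    'feat_log_stderr = 0' <<'EOF' 2>>test.log >>test.out
From xxx@example.com Thu Aug 3 07:32:10 2000
Return-Path: <xxx@example.com>
Received: from example.com (root@example.com [149.144.245.5])
 by example.com (8.9.3/8.9.3) with ESMTP id HAA01305
 for <bre@example.com>; Thu, 3 Aug 2000 07:32:03 GMT
From: xxx@example.com
Date: Thu, 3 Aug 2000 06:39:59 GMT
Message-Id: <200008030639.GAA23780@example.com>
MIME-Version: 1.0
Sender: xxx@example.com
Subject: <applet blah blah>
To: fake@example.com
Content-Type: multipart/mixed; boundary="=ABACAB:=_0006@@UtD0uere5ZCIrVlOp0vV"

--=ABACAB:=_0006@@UtD0uere5ZCIrVlOp0vV
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: attachment; filename="html-test.txt"
Content-Transfer-Encoding: 8bit

<html>
 <head>
 <meta refresh="...">
 </head>
 <body>
 <style type=evil>blah blah blah blah
 blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah
 blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah
 blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah
 blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah
 on
 multiple
 lines, blah
 blah
 blah
 blah.</style>
 <applet>ble</applet>
 <!-- <script language="javascript"> bla bla </script> -->
 <object>moo</object>
 <embed>moo</embed>
 <frame>baa baa</frame>
 <iframe>baaaa
baa</iframe>
 <layer>evil hotmail exploit layer!</layer>
 <ilayer>does the ilayer tag exist?</ilayer>
 <p style="evil">
 <form action="do something really evil" method="post">
 <img src="http://some.evil.bug.host/">
 <img dynsrc="http://some.evil.bug.host/">
 &{[code]};
 <img src=&{[code]};>
 <img src="mocha:[code]">
 <img src="blah"onmouseover="[code]">
 <img src="blah>" onmouseover="[code]">
 <link rel=blablah>
 <div>
 <a href="bleh" onAbort="goobygooby">test</a>
 <a href="bleh" onBlur="goobygooby">test</a>
 <a href="bleh" onChange="goobygooby">test</a>
 <a href="bleh" onClick="goobygooby">test</a>
 <a href="bleh" onDblClick="goobygooby">test</a>
 <a href="bleh" onDragDrop="goobygooby">test</a>
 <a href="bleh" onError="goobygooby">test</a>
 <a href="bleh" onFocus="goobygooby">test</a>
 <a href="bleh" onKeyDown="goobygooby">test</a>
 <a href="bleh" onKeyPress="goobygooby">test</a>
 <a href="bleh" onKeyUp="goobygooby">test</a>
 <a href="bleh" onMouseDown="goobygooby">test</a>
 <a href="bleh" onMouseMove="goobygooby">test</a>
 <a href="bleh" onMouseOut="goobygooby">test</a>
 <a href="bleh" onMouseUp="goobygooby">test</a>
 <a href="bleh" onMove="goobygooby">test</a>
 <a href="bleh" onReset="goobygooby">test</a>
 <a href="bleh" onResize="goobygooby">test</a>
 <a href="bleh" onSelect="goobygooby">test</a>
 <a href="bleh" onSubmit="goobygooby">test</a>
 <a href="bleh" onUnload="zorro%20">test</a>
 <a href="javascript:DoSomething(blah)">blah blah</a>
 </div>
 </p>
 </body>
</html>

--=ABACAB:=_0006@@UtD0uere5ZCIrVlOp0vV--
EOF
done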