Andrew's Security Filter(s) v5.62 (May 10, 2009)

[Kye-U]

I worked on a filter that replaces tag names only, but it doesn't seem to work that well xD The filter below replaces offending tags with "foobar", but if you go on http://www.cnn.com, you'll see that it doesn't remove the contents of script tags.

I tried replacing foobar with div style="display:none;" and even tried to comment out the entire code with <!-- and -->, but only remembered that any nested allowed tags would be hidden.

Good test code would be <object><embed></object>. (with <embed> tags being allowed)

Code:

[Patterns]
Name = "Andrew's Security Filter - new method test"
Active = TRUE
URL = "(^$TST(a_bypass=*.ALL.*))$TYPE(htm)\9($TST(\9=\8(\&|\?)trust=bypass)$SET(bypassing=1)$SET(origlink=\8)|$TST(\9=*\?*)$SET(sep=\q\&)|(^$TST(\9=*\?*))$SET(sep=\?)|)$SET(scriptn=0)$SET(noscriptn=0)$SET(appletn=0)$SET(noappletn=0)$SET(objectn=0)$SET(noobjectn=0)$SET(embedn=0)$SET(noembedn=0)$SET(iframen=0)"
Limit = 11
Match = "("
        "(^$TST(bypassing=1))"
        ""
        "("
        "<"
        "("
        "script$TST(a_script=1)$TST(($GET(scriptn)+)=$LST(Count)|*)$SET(scriptn=$GET(i))"
        "|noscript$TST(a_noscript=1)$TST(($GET(noscriptn)+)=$LST(Count)|*)$SET(noscriptn=$GET(i))"
        "|applet$TST(a_applet=1)$TST(($GET(appletn)+)=$LST(Count)|*)$SET(appletn=$GET(i))"
        "|object$TST(a_object=1)$TST(($GET(objectn)+)=$LST(Count)|*)$SET(objectn=$GET(i))"
        "|embed$TST(a_embed=1)$TST(($GET(embedn)+)=$LST(Count)|*)$SET(embedn=$GET(i))"
        "|iframe$TST(a_iframe=1)$TST(($GET(iframen)+)=$LST(Count)|*)$SET(iframen=$GET(i))"
        "|noapplet$TST(a_noapplet=1)$TST(($GET(noappletn)+)=$LST(Count)|*)$SET(noappletn=$GET(i))"
        "|noobject$TST(a_noobject=1)$TST(($GET(noobjectn)+)=$LST(Count)|*)$SET(noobjectn=$GET(i))"
        "|noembed$TST(a_noembed=1)$TST(($GET(noembedn)+)=$LST(Count)|*)$SET(noembedn=$GET(i))"
        ")"
        "$SET(1=<foobar)"
        "|"
        "</"
        "("
        "script$TST(a_script=1)"
        "|noscript$TST(a_noscript=1)"
        "|applet$TST(a_applet=1)"
        "|object$TST(a_object=1)"
        "|embed$TST(a_embed=1)"
        "|iframe$TST(a_iframe=1)"
        "|noapplet$TST(a_noapplet=1)"
        "|noobject$TST(a_noobject=1)"
        "|noembed$TST(a_noembed=1)"
        ")"
        ">"
        "$SET(1=</foobar>)"
        ")"
        "$SET(andrew=yes)"
        ")"
        ""
        "|(^*?)$STOP()"
        "("
        "($TST(andrew=yes)|$TST(bypassing=1))"
        "$SET(1=\r\n\r\n<script type="text/javascript" src="http://local.ptron/andrew.js"></script>\r\n"
        "<script type="text/javascript">\r\n"
        "prx_a_array($GET(scriptn), $GET(noscriptn), $GET(iframen), $GET(appletn), $GET(embedn), $GET(objectn), $GET(noappletn), $GET(noembedn), $GET(noobjectn), "$GET(sep)", "$GET(bypassing)", "$GET(origlink)");\r\n"
        "</script>)"
        ")"
Replace = "\1"

EDIT:

This one comments out the entire block of code (included any nested allowed tags =[):

Code:

[Patterns]
Name = "Andrew's Security Filter - new method test (comment out)"
Active = TRUE
URL = "(^$TST(a_bypass=*.ALL.*))$TYPE(htm)\9($TST(\9=\8(\&|\?)trust=bypass)$SET(bypassing=1)$SET(origlink=\8)|$TST(\9=*\?*)$SET(sep=\q\&)|(^$TST(\9=*\?*))$SET(sep=\?)|)$SET(scriptn=0)$SET(noscriptn=0)$SET(appletn=0)$SET(noappletn=0)$SET(objectn=0)$SET(noobjectn=0)$SET(embedn=0)$SET(noembedn=0)$SET(iframen=0)"
Limit = 11
Match = "("
        "(^$TST(bypassing=1))"
        ""
        "("
        "<"
        "("
        "script$TST(a_script=1)$TST(($GET(scriptn)+)=$LST(Count)|*)$SET(scriptn=$GET(i))"
        "|noscript$TST(a_noscript=1)$TST(($GET(noscriptn)+)=$LST(Count)|*)$SET(noscriptn=$GET(i))"
        "|applet$TST(a_applet=1)$TST(($GET(appletn)+)=$LST(Count)|*)$SET(appletn=$GET(i))"
        "|object$TST(a_object=1)$TST(($GET(objectn)+)=$LST(Count)|*)$SET(objectn=$GET(i))"
        "|embed$TST(a_embed=1)$TST(($GET(embedn)+)=$LST(Count)|*)$SET(embedn=$GET(i))"
        "|iframe$TST(a_iframe=1)$TST(($GET(iframen)+)=$LST(Count)|*)$SET(iframen=$GET(i))"
        "|noapplet$TST(a_noapplet=1)$TST(($GET(noappletn)+)=$LST(Count)|*)$SET(noappletn=$GET(i))"
        "|noobject$TST(a_noobject=1)$TST(($GET(noobjectn)+)=$LST(Count)|*)$SET(noobjectn=$GET(i))"
        "|noembed$TST(a_noembed=1)$TST(($GET(noembedn)+)=$LST(Count)|*)$SET(noembedn=$GET(i))"
        ")\7"
        "$SET(matched=yes)"
        "$SET(1=<!-- <[\7])"
        "|"
        "(<!--|-->)$TST(matched=yes)"
        "|"
        "</"
        "("
        "script$TST(a_script=1)"
        "|noscript$TST(a_noscript=1)"
        "|applet$TST(a_applet=1)"
        "|object$TST(a_object=1)"
        "|embed$TST(a_embed=1)"
        "|iframe$TST(a_iframe=1)"
        "|noapplet$TST(a_noapplet=1)"
        "|noobject$TST(a_noobject=1)"
        "|noembed$TST(a_noembed=1)"
        ")\7"
        ">"
        "$SET(1=<[/\7]> -->)"
        "$SET(matched=)"
        ")"
        "$SET(andrew=yes)"
        ")"
        ""
        "|(^*?)$STOP()"
        "("
        "($TST(andrew=yes)|$TST(bypassing=1))"
        "$SET(1=\r\n\r\n<script type="text/javascript" src="http://local.ptron/andrew.js"></script>\r\n"
        "<script type="text/javascript">\r\n"
        "prx_a_array($GET(scriptn), $GET(noscriptn), $GET(iframen), $GET(appletn), $GET(embedn), $GET(objectn), $GET(noappletn), $GET(noembedn), $GET(noobjectn), "$GET(sep)", "$GET(bypassing)", "$GET(origlink)");\r\n"
        "</script>)"
        ")"
Replace = "\1"