Andrew's Security Filter(s) v5.62 (May 10, 2009)

[z12]

Nice to see an update to this filter.
Here's a couple of things I noticed.

When the noscript and iframe tags match, the tags attributes are inlcuded inside the textarea tag.
It can make for a rather odd looking textarea replacement tag, especially with the iframe tag.
Perhaps the filter should match & replace the entire tag when replacing with a textarea tag.

There seems to be a problem with bypassing.
Add this code to the top of "Andrew's Security Filter v5.57" web filter:

Code:

$SET(bypassing=1)$SET(a_applet=1)$SET(a_object=1)
$SET(a_embed=1)$SET(a_noscript=1)$SET(a_iframe=1)

In the log window, test code:

Code:

</applet></object></embed></noscript></iframe>

Log window matching code:

Code:

</foo></foo></foo></textarea></textarea>

These shouldn't match when bypassed.
I find Notepad++ to be very useful for making sure parenthesis match the desired code.

Is $STOP() even needed now? Stopping at the end of the page probably won't speed things up.
I can see $STOP being useful when bypassing=1.

Also, the js is not injected if not bypassing and no matches occured on the page.
Is this intentional?

z12