93 lines
4.9 KiB
Text
93 lines
4.9 KiB
Text
#Content modifying Regular Expressions
|
|
#
|
|
# The format is: "extended regular expression"->"replacement straight string"
|
|
# E.g. "shit"->"censored" would replace all occurances of shit in any case.
|
|
# Far more complicated matches are possible. See other sources for examples
|
|
# of extended regular expressions.
|
|
|
|
# These are just some examples. If you write any, for example, to
|
|
# remove popups etc, please send them to author at e2guardian.org.
|
|
#
|
|
#"<script language.*open\(.*script>"->"<!-- its gone -->"
|
|
#"fuck|cunt|shit"->"**censored**"
|
|
#
|
|
# For ALL of these to work it requires e2guardian to be built with PCRE support,
|
|
# but some may work with the default C library regular expression support.
|
|
#
|
|
# Some of these are based on regular expressions from Privoxy.
|
|
|
|
#remove popups by AFN 2004/2/28
|
|
#"<html>"->"<script language='javascript'>fwo=window.open;function NO(url,nam,atr){return(this.window);}window.open=NO;</script><html>"
|
|
#"=[ ]*?window\.open[ ]*?\("->"=fwo("
|
|
#"<html>"->"<script language='javascript'>function NO(url,nam,atr){return(this.window);}window.open=NO;</script><html>"
|
|
|
|
# Fix Firefox <= 1.0.7 DoS
|
|
# http://www.whitedust.net/speaks/1432/
|
|
#"((<source)|(</source))text>"->"$1dosremovedtext"
|
|
|
|
# Disable ActiveX objects.
|
|
#"<object [^>]*application\/x-oleobject[^>]*>.*?<\/object>"->"<!-- Guardian Removed ActiveX Object -->"
|
|
#"<embed [^>]*(application/x-oleobject).*?>(.*?</embed>)?"->"<!-- Guardian Removed ActiveX Embed -->"
|
|
|
|
# Warn about address bar spoofing.
|
|
#"(<a[^>]*href[^>]*)(\x01|\x02|\x03|%0[012])"->"$1MALICIOUS-LINK"
|
|
|
|
# Disable all popups in JavaScript and HTML. It may cause unavoidable
|
|
# Javascript warnings or errors. Do not enable at the same time as other
|
|
# popup removing lines.
|
|
#"((\W\s*)(window|this|parent)\.)open\s*\\?\("->"$1concat("
|
|
#"\starget\s*=\s*(['"]?)_?(blank|new)\1?"->" notarget"
|
|
|
|
# Removes the APPLET tag which is generally used Java applets.
|
|
#"<applet[^>]*>.*?<\/applet>"->""
|
|
|
|
# Disable the BLINK and MARQUEE tags.
|
|
#"</?(blink|marquee)[^>]*>"->""
|
|
|
|
# Warn about potential cross-site-scripting vulnerability described here:
|
|
# http://online.securityfocus.com/archive/1/298748/2002-11-02/2002-11-08/2
|
|
#"f\("javascript:location.replace\('mk:@MSITStore:C:'\)"\);"->"alert\("This page looks like it tries to use a vulnerability described here:\n http://online.securityfocus.com/archive/1/298748/2002-11-02/2002-11-08/2"\);"
|
|
|
|
# Removes the SCRIPT tag with JavaScript. This will likely break sites that are
|
|
# badly written and thus rely on JavaScript. This should not be used at the same
|
|
# time as the 'script' category.
|
|
#"<script [^>]*javascript[^>]*>.*?<\/script>"->""
|
|
|
|
# Removes href=javascript: onmouseover=javascript: and other javascript actions.
|
|
# This is a good category to tick if using 'script' or 'javascript' categories.
|
|
# Beware that there are likely going to be a large number of matches and will
|
|
# require more CPU. Also this will break badly written sites that require
|
|
# JavaScript for navigation.
|
|
#"(onclick|ondblclick|onmousedown|onmouseup|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup|href)(=("|')?)javascript:"->"guardianremoved$2none:"
|
|
|
|
# Remove cookies set by JavaScript and HTML.
|
|
#"(\w+\.)+cookie(?=[ \t\r\n]*=)(?!='aab)"->"GuardianRemovedCookie"
|
|
#"<meta\s+http-equiv=['"]?set-cookie.*>"->"<!-- GuardianRemovedCookie -->"
|
|
|
|
# Attempt to detect and stop Nimda infected servers's web pages. This is rare
|
|
# and generally should be left unused.
|
|
#"<script language="JavaScript">(window\.open|1;''\.concat)\("readme\.eml", null, "resizable=no,top=6000,left=6000"\)</script>"->"<br><font size="7"> WARNING: This Server is infected with <a href="http://www.cert.org/advisories/CA-2001-26.html">Nimda</a>!</font>"
|
|
|
|
# Disable onunload (page close) popups.
|
|
#"(<body\s+[^>]*)onunload"->"$1never"
|
|
#"(<script.*)window\.onunload(?=.*</script>)"->"$1never"
|
|
|
|
# Removes the SCRIPT tag which could include JavaScript, perlscript and vbscript.
|
|
# This will likely break sites that are badly written and thus rely on client
|
|
# side scripts. This should not be used at the same time as the 'javascript' line.
|
|
#"<script[^>]*>.*?<\/script>"->""
|
|
|
|
# Disable Sockwave Flash objects.
|
|
#"<object [^>]*macromedia[^>]*>.*?<\/object>"->"<!-- Guardian Removed Shockwave Object -->"
|
|
#"<embed [^>]*(application/x-shockwave-flash\|\.swf).*?>(.*?</embed>)?"->"<!-- Guardian Removed Shockwave Flash Embed -->"
|
|
|
|
# Disable unsolicited popups.
|
|
#"([^'"]\s*<head.*>)(?=\s*[^'"])"->"$1<script>function SWGuardianWindowOpen(){return(null);}</script>"
|
|
#"([^\w\s.]\s*)((window|this|parent)\.)?open\s*\("->"$1SWGuardianWindowOpen("
|
|
#"([^'"]\s*</html>)(?!\s*(\\n|'|"))"->"$1<script>function PrivoxyWindowOpen(a, b, c){return(window.open(a, b, c));}</script>"
|
|
|
|
# Remove 1x1 GIFs used for user tracking.
|
|
#"<img\s+[^>]*(?:(width)|(height))\s*=\s*['"]?[01](?=\D)[^>]*(?:(width)|(height))\s*=\s*['"]?[01](?=\D)[^>]*?>"->""
|
|
|
|
# Prevent windows from resizing and moving themselves.
|
|
#"(?:window|this|self|top)\.(?:move|resize)(?:to|by)\("->"''.concat("
|