#Content modifying Regular Expressions # # The format is: "extended regular expression"->"replacement straight string" # E.g. "shit"->"censored" would replace all occurances of shit in any case. # Far more complicated matches are possible. See other sources for examples # of extended regular expressions. # These are just some examples. If you write any, for example, to # remove popups etc, please send them to author at e2guardian.org. # #"<script language.*open\(.*script>"->"<!-- its gone -->" #"fuck|cunt|shit"->"**censored**" # # For ALL of these to work it requires e2guardian to be built with PCRE support, # but some may work with the default C library regular expression support. # # Some of these are based on regular expressions from Privoxy. #remove popups by AFN 2004/2/28 #"<html>"->"<script language='javascript'>fwo=window.open;function NO(url,nam,atr){return(this.window);}window.open=NO;</script><html>" #"=[ ]*?window\.open[ ]*?\("->"=fwo(" #"<html>"->"<script language='javascript'>function NO(url,nam,atr){return(this.window);}window.open=NO;</script><html>" # Fix Firefox <= 1.0.7 DoS # http://www.whitedust.net/speaks/1432/ #"((<source)|(</source))text>"->"$1dosremovedtext" # Disable ActiveX objects. #"<object [^>]*application\/x-oleobject[^>]*>.*?<\/object>"->"<!-- Guardian Removed ActiveX Object -->" #"<embed [^>]*(application/x-oleobject).*?>(.*?</embed>)?"->"<!-- Guardian Removed ActiveX Embed -->" # Warn about address bar spoofing. #"(<a[^>]*href[^>]*)(\x01|\x02|\x03|%0[012])"->"$1MALICIOUS-LINK" # Disable all popups in JavaScript and HTML. It may cause unavoidable # Javascript warnings or errors. Do not enable at the same time as other # popup removing lines. #"((\W\s*)(window|this|parent)\.)open\s*\\?\("->"$1concat(" #"\starget\s*=\s*(['"]?)_?(blank|new)\1?"->" notarget" # Removes the APPLET tag which is generally used Java applets. #"<applet[^>]*>.*?<\/applet>"->"" # Disable the BLINK and MARQUEE tags. #"</?(blink|marquee)[^>]*>"->"" # Warn about potential cross-site-scripting vulnerability described here: # http://online.securityfocus.com/archive/1/298748/2002-11-02/2002-11-08/2 #"f\("javascript:location.replace\('mk:@MSITStore:C:'\)"\);"->"alert\("This page looks like it tries to use a vulnerability described here:\n http://online.securityfocus.com/archive/1/298748/2002-11-02/2002-11-08/2"\);" # Removes the SCRIPT tag with JavaScript. This will likely break sites that are # badly written and thus rely on JavaScript. This should not be used at the same # time as the 'script' category. #"<script [^>]*javascript[^>]*>.*?<\/script>"->"" # Removes href=javascript: onmouseover=javascript: and other javascript actions. # This is a good category to tick if using 'script' or 'javascript' categories. # Beware that there are likely going to be a large number of matches and will # require more CPU. Also this will break badly written sites that require # JavaScript for navigation. #"(onclick|ondblclick|onmousedown|onmouseup|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup|href)(=("|')?)javascript:"->"guardianremoved$2none:" # Remove cookies set by JavaScript and HTML. #"(\w+\.)+cookie(?=[ \t\r\n]*=)(?!='aab)"->"GuardianRemovedCookie" #"<meta\s+http-equiv=['"]?set-cookie.*>"->"<!-- GuardianRemovedCookie -->" # Attempt to detect and stop Nimda infected servers's web pages. This is rare # and generally should be left unused. #"<script language="JavaScript">(window\.open|1;''\.concat)\("readme\.eml", null, "resizable=no,top=6000,left=6000"\)</script>"->"<br><font size="7"> WARNING: This Server is infected with <a href="http://www.cert.org/advisories/CA-2001-26.html">Nimda</a>!</font>" # Disable onunload (page close) popups. #"(<body\s+[^>]*)onunload"->"$1never" #"(<script.*)window\.onunload(?=.*</script>)"->"$1never" # Removes the SCRIPT tag which could include JavaScript, perlscript and vbscript. # This will likely break sites that are badly written and thus rely on client # side scripts. This should not be used at the same time as the 'javascript' line. #"<script[^>]*>.*?<\/script>"->"" # Disable Sockwave Flash objects. #"<object [^>]*macromedia[^>]*>.*?<\/object>"->"<!-- Guardian Removed Shockwave Object -->" #"<embed [^>]*(application/x-shockwave-flash\|\.swf).*?>(.*?</embed>)?"->"<!-- Guardian Removed Shockwave Flash Embed -->" # Disable unsolicited popups. #"([^'"]\s*<head.*>)(?=\s*[^'"])"->"$1<script>function SWGuardianWindowOpen(){return(null);}</script>" #"([^\w\s.]\s*)((window|this|parent)\.)?open\s*\("->"$1SWGuardianWindowOpen(" #"([^'"]\s*</html>)(?!\s*(\\n|'|"))"->"$1<script>function PrivoxyWindowOpen(a, b, c){return(window.open(a, b, c));}</script>" # Remove 1x1 GIFs used for user tracking. #"<img\s+[^>]*(?:(width)|(height))\s*=\s*['"]?[01](?=\D)[^>]*(?:(width)|(height))\s*=\s*['"]?[01](?=\D)[^>]*?>"->"" # Prevent windows from resizing and moving themselves. #"(?:window|this|self|top)\.(?:move|resize)(?:to|by)\("->"''.concat("