Re: lynx-dev 2.8.2dev.14 patch 2 - rules
From: Klaus Weide
Subject: Re: lynx-dev 2.8.2dev.14 patch 2 - rules
Date: Mon, 25 Jan 1999 01:00:06 -0600 (CST)

On Mon, 25 Jan 1999, Leonid Pauzner wrote:
> > + # Examples:
> > + # RULESFILE:/etc/lynx/cernrules
> > + # RULE:Fail file://localhost/etc/passwd* # Don't rely on it!
> > + # RULE:Fail gopher:* # reject by scheme
> > + # RULE:Pass finger://address@hidden/ # allow this,
> > + # RULE:Fail finger:* # but not others
> > + # RULE:Map http://old.server/* http://new.server/*
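Review bot: the `RULE:Fail file://localhost/etc/passwd*` example line is tagged only "Don't rely on it!" with no reason given, so a reader may still copy it as an access control. Either say in the comment why a path-level Fail rule is not a dependable restriction, or drop it and keep the scheme-level examples (`gopher:*`, `finger:*`). The finger pair also only does what its comments say if the Pass line is applied before the Fail line, and the comment block should state that ordering.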
>
> Can the '*' wildcard be a string termination only,
> or probably like http://*.com/* etc.?

As far as I understand you can have 0 or 1 '*' in the first
URL, and it matches 0 or more characters.
If there is a second URL, and it also has a '*', then the '*'
gets replaced by the matched characters from the first URL.

Restricting URLs this way is in general not reliable, since there are
many ways to write the same thing - URLs don't get normalized to a
canonical form before the rules are checked. For example one could
just append "#something" (I haven't checked whether that gets removed
before the rules are applied, I think not). So at a minimum I would
end a URL with a '*' if there isn't already one.

Well that doesn't buy you much, the user could still hex-escape some
characters or use a double-'/', which makes the /etc/passwd example a
bad one. The <scheme>:* forms should be reliable though (no
guarantees), matching is case-insensitive but is_url() will have
canonicalized the scheme (if it's a known one, otherwise we shouldn't
get this far).

Klaus
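
The matching behaviour described in this message, as an added example (not code from the post or from Lynx): a simplified C model that assumes at most one '*' per pattern, case-insensitive comparison and no URL normalization. It shows why a path-level Fail rule misses equivalent spellings while a scheme-level rule still hits. The names `rule_match` and `map_url` and the sample URLs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Simplified model (an assumption, not Lynx's rule code): the pattern has at
 * most one '*', matching zero or more characters; comparison ignores case;
 * the URL is compared exactly as written. Returns the number of characters
 * covered by '*' (0 if the pattern has none), or -1 if there is no match. */
static long rule_match(const char *pat, const char *url)
{
    const char *star = strchr(pat, '*');
    size_t ulen = strlen(url), pre, suf;

    if (!star)                          /* no wildcard: whole-string compare */
        return strcasecmp(pat, url) == 0 ? 0 : -1;
    pre = (size_t)(star - pat);         /* literal part before '*' */
    suf = strlen(star + 1);             /* literal part after '*'  */
    if (ulen < pre + suf || strncasecmp(pat, url, pre) != 0 ||
        strcasecmp(star + 1, url + ulen - suf) != 0)
        return -1;
    return (long)(ulen - pre - suf);
}

/* "Map <from> <to>": the '*' in `to` is replaced by what '*' matched in
 * `from`. Returns a static buffer, or NULL if the rule does not apply. */
static const char *map_url(const char *from, const char *to, const char *url)
{
    static char out[256];
    const char *fs = strchr(from, '*'), *ts = strchr(to, '*');
    long n = rule_match(from, url);
    int len;

    if (n < 0) return NULL;
    if (!ts)
        len = snprintf(out, sizeof out, "%s", to);
    else
        len = snprintf(out, sizeof out, "%.*s%.*s%s", (int)(ts - to), to,
                       (int)n, fs ? url + (fs - from) : url, ts + 1);
    return (len >= 0 && (size_t)len < sizeof out) ? out : NULL;
}

int main(void)
{
    const char *urls[] = {              /* constructed sample URLs */
        "file://localhost/etc/passwd#x", "file://localhost//etc/passwd",
        "file://localhost/etc/%70asswd" };
    for (int i = 0; i < 3; i++)
        printf("%-31s %s\n", urls[i], rule_match("file://localhost/etc/passwd*",
               urls[i]) >= 0 ? "Fail rule hits" : "not matched");
    return 0;
}
```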