> ! # delete them.
>
> foreach $variable (@form_variables)
> {
> +
> + # Strip non-negotiable HTML.
> + # Un-Webify plus signs and %-encoding
> + $form_data{$variable} =~ tr/+/ /;
> + $form_data{$variable} =~
s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
> + $form_data{$variable} =~ $value =~ s/<!--(.|\n)*-->//g;
> +
> + # Replace bad words.
> foreach $word (@bad_words)
> {
> $form_data{$variable} =~ s/\b$word\b/censored/gi;
> }
> +
> + # Strip ALL HTML if configured this way.
> if ($allow_html != "yes")
> {
> $form_data{$variable} =~ s/<([^>]|\n)*>//g;
>
>
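Review bot: The added SSI-comment strip binds twice, `$form_data{$variable} =~ $value =~ s/<!--(.|\n)*-->//g;`, so the substitution is not applied to `$form_data{$variable}` the way the two decoding lines above it are, and `$value` is not set anywhere in the visible lines. It should read `$form_data{$variable} =~ s/<!--(.|\n)*-->//g;`. Further down, the context line `if ($allow_html != "yes")` compares strings with the numeric operator `!=`; both "yes" and "no" evaluate to 0 numerically, so the test is always false and the strip-all-HTML branch never runs. Use `ne` there. The `(.|\n)*` in the comment pattern is greedy, so two comments in one field also remove everything between them; that errs on the safe side but deserves a comment in the code.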
> (c) If you do not wish to allow guests to leave HTML tags at all, disable
> the use of HTML tags in the guestbook by setting appropriate configuration
> variables. You can do this by changing the following line in
> guestbook.setup:
>
> $ diff -c guestbook.setup.old guestbook.setup
> *** guestbook.setup.old Wed Aug 14 16:28:13 1996
> --- guestbook.setup Mon Apr 21 15:51:20 1997
> ***************
> *** 16,22 ****
>
> $remote_mail = "yes"
>
> ! $allow_html = yes;
>
> @required_fields = ("realname", "comments");
>
> --- 16,22 ----
>
> $remote_mail = "yes"
>
> ! $allow_html = no;
>
> @required_fields = ("realname", "comments");
>
>
>
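Review bot: The changed line assigns a bareword, `$allow_html = no;`, where the neighbouring context line uses a quoted string (`$remote_mail = "yes"`). Quote it as `$allow_html = "no";` so the value does not depend on Perl's bareword handling. The context line `$remote_mail = "yes"` is also shown without a terminating semicolon on both sides of the diff, which is worth confirming against the shipped guestbook.setup.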
> For more information, contact Selena Sol at selena@eff.org
>
> ========================FORWARDED TEXT ENDS HERE=============================
>
> If you believe that your system has been compromised, contact the CERT
> Coordination Center or your representative in the Forum of Incident Response
> and Security Teams (FIRST). See http://www.first.org/team-info/.
>
> We strongly urge you to encrypt any sensitive information you send by email.
> The CERT Coordination Center can support a shared DES key and PGP. Contact
> the CERT staff for more information.
>
> Location of CERT PGP key
> ftp://info.cert.org/pub/CERT_PGP.key
>
>
> CERT Contact Information
> ------------------------
> Email cert@cert.org
>
> Phone +1 412-268-7090 (24-hour hotline)
> CERT personnel answer 8:30-5:00 p.m. EST
> (GMT-5)/EDT(GMT-4), and are on call for
> emergencies during other hours.
>
> Fax +1 412-268-6989
>
> Postal address
> CERT Coordination Center
> Software Engineering Institute
> Carnegie Mellon University
> Pittsburgh PA 15213-3890
> USA
>
> CERT publications, information about FIRST representatives, and other
> security-related information are available from
> http://www.cert.org/
> ftp://info.cert.org/pub/
>
> CERT advisories and bulletins are also posted on the USENET newsgroup
> comp.security.announce
>
> To be added to our mailing list for CERT advisories and bulletins, send your
> email address to
> cert-advisory-request@cert.org
> In the subject line, type
> SUBSCRIBE your-email-address
>
>
>
> * Registered U.S. Patent and Trademark Office.
>
> The CERT Coordination Center is part of the Software Engineering
> Institute (SEI). The SEI is sponsored by the U. S. Department of Defense.
>
>
> This file: ftp://info.cert.org/pub/cert_bulletins/VB-97.02.sol_guestbook