Re: Java 0-day exploit question
Posted: Wed Nov 28, 2012 2:44 am
I'm the original poster.
For months I've been allowing sites each time by clicking the noscript icon.
Today I tried to create a per site regex.
God, do I hate regex. After much gnashing of teeth - I came up with this:
I'm amazed that it actually seems to work. Well, it seems to be working correctly.
My goal is to set up something that works per domain, is easy to "read" and to edit
If it's designed correctly - it should allow an entire domain to run java or silverlight.
In other words - right now it's set up...
for java - example.com, chessgames.com, yahoo.com (yahoo.net is in there just in case)
for silverlight - example.com, microsoft.com
I tested the java regex on chessgames.com and at games.yahoo.com and it worked.
I can't test the silverlight regex right now because I don't have it installed (yet).
For months I've been allowing sites each time by clicking the noscript icon.
Today I tried to create a per site regex.
God, do I hate regex. After much gnashing of teeth - I came up with this:
Code: Select all
application/x-java\b[\w-]*@https?://([\w\.]+)?\b(example\.com|chessgames\.com|yahoo\.com|yahoo\.net)/* application/x-silverlight@https?://([\w\.]+)?\b(example\.com|microsoft\.com)/*
My goal is to set up something that works per domain, is easy to "read" and to edit
If it's designed correctly - it should allow an entire domain to run java or silverlight.
In other words - right now it's set up...
for java - example.com, chessgames.com, yahoo.com (yahoo.net is in there just in case)
for silverlight - example.com, microsoft.com
I tested the java regex on chessgames.com and at games.yahoo.com and it worked.
I can't test the silverlight regex right now because I don't have it installed (yet).