Posted to dev@spamassassin.apache.org by bu...@issues.apache.org on 2011/03/18 02:09:42 UTC

[Bug 6554] New: HTML messages with <p style="color:#FFFFFF;" > fool html_font_invisible()

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6554

           Summary: HTML messages with <p style="color:#FFFFFF;" > fool
                    html_font_invisible()
           Product: Spamassassin
           Version: SVN Trunk (Latest Devel Version)
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Libraries
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: milli@acmeps.com


Created an attachment (id=4850)
 --> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4850)
Patch

I have a heavy flow of HTML messages that are getting through with BAYES_00
scores because of hidden paragraphs with what look like cut-n-pasted messages
from technical forums, which have non-spammy bayesian scores of course.

After analyzing the messages, they are using something like/similar to the
following:

   <p style="color:#FFFFFF; font-size:1px; line-height:1px;"> 

The HTML module was /not/ looking at style attributes on <p> tags and thus
missing the fact that the foreground font color is getting set to white, the
same as the background color.

The attached two-line patch against trunk version fixes this.

Save this as a file and look at it in a browser to see the effect:

<html>
 <body>
  <p style="color: #FFFFFF;">
     You Can't See Me
  </p>
 </body>
</html>

-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

[Bug 6554] HTML messages with <p style="color:#FFFFFF;" > fool html_font_invisible()

Posted by bu...@issues.apache.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6554

Michael Milligan <mi...@acmeps.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |milli@acmeps.com


[Bug 6554] HTML messages with <p style="color:#FFFFFF;" > fool html_font_invisible()

Posted by bu...@issues.apache.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6554

--- Comment #6 from Michael Milligan <mi...@acmeps.com> 2011-04-05 15:51:14 EDT ---
Created an attachment (id=4865)
 --> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4865)
Email message UCE


[Bug 6554] HTML messages with <p style="color:#FFFFFF;" > fool html_font_invisible()

Posted by bu...@issues.apache.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6554

Michael Milligan <mi...@acmeps.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #4850|0                           |1
        is obsolete|                            |

--- Comment #5 from Michael Milligan <mi...@acmeps.com> 2011-04-05 15:48:39 EDT ---
Created an attachment (id=4864)
 --> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4864)
Fix


[Bug 6554] HTML messages with <p style="color:#FFFFFF;" > fool html_font_invisible()

Posted by bu...@issues.apache.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6554

Darxus <Da...@ChaosReigns.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |Darxus@ChaosReigns.com


[Bug 6554] HTML messages with <p style="color:#FFFFFF;" > fool html_font_invisible()

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6554

Curtis Maurand <cu...@maurand.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |curtis@maurand.com

--- Comment #8 from Curtis Maurand <cu...@maurand.com> ---
Just looked at the Rule and it has bgcolor => "#ffffff" and that's good, but it
misses bgcolor => "#FFFFFF"

Thanks,
Curtis


[Bug 6554] HTML messages with <p style="color:#FFFFFF;" > fool html_font_invisible()

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6554

Kevin A. McGrail <km...@pccc.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |kmcgrail@pccc.com
         Resolution|                            |FIXED

--- Comment #7 from Kevin A. McGrail <km...@pccc.com> 2011-11-03 19:42:58 UTC ---
(In reply to comment #6)
> Created attachment 4865 [details]
> Email message UCE

Good catch and thanks for the patch!

svn commit -m 'Patch to extend checking for color on p and div tags per
bug6554' lib/Mail/SpamAssassin/HTML.pm        
Sending        lib/Mail/SpamAssassin/HTML.pm
Transmitting file data .
Committed revision 1197282.


[Bug 6554] HTML messages with <p style="color:#FFFFFF;" > fool html_font_invisible()

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6554

--- Comment #9 from Curtis Maurand <cu...@maurand.com> ---
This did not get caught:  <p style="color:#FFFFFF">  I should have seen
something in the score, but all I got was:

X-Spam-Status: No, score=-1.178 required=2.3 tests=[BAYES_00=-1.9,
    HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, SPF_HELO_PASS=-0.001,
    SPF_PASS=-0.001] autolearn=unavailable

Don't get me started on Bayes_00, but that's a different post.


[Bug 6554] HTML messages with <p style="color:#FFFFFF;" > fool html_font_invisible()

Posted by bu...@issues.apache.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6554

--- Comment #2 from Michael Milligan <mi...@acmeps.com> 2011-03-17 21:27:38 EDT ---
Yup, you're right.  I just tried that short test snippet with both div and
blockquote instead of p with the same result (on Chrome anyway).  White on
white (thus, invisible).  <span> as well, but that is already checked for a
style attribute.


[Bug 6554] HTML messages with <p style="color:#FFFFFF;" > fool html_font_invisible()

Posted by bu...@issues.apache.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6554

--- Comment #1 from Darxus <Da...@ChaosReigns.com> 2011-03-17 21:20:16 EDT ---
There are other elements missing, div and blockquote first come to mind.


[Bug 6554] HTML messages with <p style="color:#FFFFFF;" > fool html_font_invisible()

Posted by bu...@issues.apache.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6554

--- Comment #3 from Darxus <Da...@ChaosReigns.com> 2011-03-17 21:36:48 EDT ---
Nice!  Even invalid html elements can change the color of text with a style
attribute:

  <invalidasdf style="color: #FF00FF;">
  invalidasdf
  </invalidasdf>

  <hr style="color: #FF00FF;">
  hr  
  </hr>

I don't know if that's technically an invalid use of hr or not.
Chromium 9.0.597.107.

So all elements, including invalid elements, should be checked.


[Bug 6554] HTML messages with <p style="color:#FFFFFF;" > fool html_font_invisible()

Posted by bu...@issues.apache.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6554

--- Comment #4 from Michael Milligan <mi...@acmeps.com> 2011-04-05 15:45:56 EDT ---
I just caught a message that tried this with <div>, as in:

  <div ... style="color: rgb(255, 255, 255);">
  ...
  </div>

Message and patch attached.

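Added example, not part of the bug thread: the check the comments converge on, written in Python (it is not SpamAssassin's Perl code and not the attached patch). It reads the inline style of every element, valid or not, normalises `#FFFFFF`, `#ffffff`, `#fff` and `rgb(255, 255, 255)` to one value, and reports text whose foreground equals its background. The names `invisible_text`, `InvisibleText`, `parse_color` and `style_props` are hypothetical, the default of black text on a white background is an assumption, and named colours are not handled.

```python
import re
from html.parser import HTMLParser

def parse_color(value):
    """Normalise #rgb, #rrggbb or rgb(r, g, b) to an (r, g, b) tuple, else None."""
    v = (value or "").strip().lower()  # "#FFFFFF" and "#ffffff" must compare equal
    m = re.fullmatch(r"#([0-9a-f]{3}|[0-9a-f]{6})", v)
    if m:
        h = m.group(1) if len(m.group(1)) == 6 else "".join(c * 2 for c in m.group(1))
        return tuple(int(h[i:i + 2], 16) for i in (0, 2, 4))
    m = re.fullmatch(r"rgb\(\s*(\d+)\s*,\s*(\d+)\s*,\s*(\d+)\s*\)", v)
    return tuple(min(int(n), 255) for n in m.groups()) if m else None

def style_props(style):
    pairs = (d.partition(":") for d in (style or "").split(";"))
    return {k.strip().lower(): v.strip() for k, _, v in pairs}

class InvisibleText(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = [("#root", (0, 0, 0), (255, 255, 255))]  # (tag, fg, bg), assumed default
        self.hidden = []

    def handle_starttag(self, tag, attrs):  # called for every tag name, known or not
        _, fg, bg = self.stack[-1]  # colours inherit from the enclosing element
        a = dict(attrs)
        props = style_props(a.get("style"))
        fg = parse_color(props.get("color") or a.get("color")) or fg
        bg = parse_color(props.get("background-color") or a.get("bgcolor")) or bg
        self.stack.append((tag, fg, bg))

    def handle_endtag(self, tag):
        names = [t for t, _, _ in self.stack]
        if tag in names[1:]:  # pop through unclosed children to the matching open tag
            del self.stack[len(names) - 1 - names[::-1].index(tag):]

    def handle_data(self, data):
        if data.strip() and self.stack[-1][1] == self.stack[-1][2]:  # fg == bg exactly
            self.hidden.append(data.strip())

def invisible_text(html):
    parser = InvisibleText()
    parser.feed(html)
    parser.close()
    return parser.hidden

CONSTRUCTED_SAMPLE = """<body><p style="color:#FFFFFF; font-size:1px; line-height:1px;">hidden p</p>
<div style="color: rgb(255, 255, 255);">hidden div</div>
<invalidasdf style="color: #fff">hidden invalid</invalidasdf>
<p style="color:#000000">visible</p></body>"""
```

`invisible_text(CONSTRUCTED_SAMPLE)` returns the three hidden strings and leaves the black-on-white paragraph alone; white text inside `<body bgcolor="#000000">` is not reported, because the comparison is against the inherited background rather than a fixed white.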