3 Replies Latest reply on Sep 14, 2017 4:27 PM by Jon Scholten

    Filtering (multiple) ActiveX object instantiations embedded in HTML javascript and included .js files




      I'm evaluating migrating to MWG 7 - and am trying to remove all references to ActiveX objects in javascript - whether within HTML embedded javascript, or .js files that are included into HTML page (as MWG v6 has done for me previously).


      I have the "HTML Filtering" library ruleset in my demo policy - and also its sibling ruleset "Script Filtering" - with the ActiveX Filter sub-rulesets enabled under each.


      Both are in the root of the policy (i.e. I don't have Script Filtering under the HTML Filtering ruleset - but alongside at the same level). This feels instinctively right - and seems to work - but just letting you know in case wrong.


      The rulesets are clearly doing some work - and removing the first ActiveX references they see - but unfortunately only the first references in any object being parsed.


      Here's an example from a .js script:



      function() {return new XMLHttpRequest()},

      function() {return new ActiveXObject('Msxml2.XMLHTTP')},

      function() {return new ActiveXObject('Microsoft.XMLHTTP')}




      function() {return new XMLHttpRequest()},

      function() {return nothing},

      function() {return new ActiveXObject('Microsoft.XMLHTTP')}



      You can see one object instantiation has been replaced with the string "nothing" - but the second (and I guess all others) get through unscathed (experimentation shows this is the case for both the HTML Filtering ActiveX rules and the Script Filtering ActiveX rules - common problem).


      It feels like I'm missing some form of iteration to replace all matching objects.


      I'm pretty sure that the product is capable of replacing all matching references (as I've read lots of forum entries here talking of replacing things with gifs, where there are likely multiple things per page - as implied by the Ad replacement rulesets - someone would have noticed if only one advert per page was being replaced - when often there are three or four!).


      Only problem is I can't see what I am missing which should be causing the ruleset iteration over multiple matches within an object - and the ActiveX rulesets themselves look phrased to be only concerned with one match at a time.


      Q1: Can you confirm rulesets normally can replace multiple instances of the things they match on? i.e. that I'm not totally mad!


      Q2: Is it the Openers that cause the iteration of subsequent rulesets? Any ideas what I might have misconfigured? [+ which opener works on included .js files?]


      Many thanks in advance for any pointers you can give - been tearing my hair out for a day! James