stupidity @ yahoo

Unbelievable. Has anybody at Yahoo ever taken a course on compilers or parsers?

In an incredibly stupid attempt to avoid scripting attacks, Yahoo Mail has been doing some filtering on HTML emails received in their accounts. Apparently, they are replacing words that could potentially be a script with their own idiotic versions that are not in JavaScript. So, for example, I just sent the following HTML email to myself:

blahblah medieval blahblah
blahblah mocha blahblah
blahblah evaluate blahblah
blahblah free expression

and this is what I received in my Yahoo account:

blahblah medireview blahblah
blahblah espresso blahblah
blahblah reviewuate blahblah
blahblah free statement

We can see that the super-smart parser at Yahoo has decided that, for example, 'eval' is a really dangerous combination of letters, therefore changing it to the less threatening 'review'. The full list of words that are changed is:
eval => review
mocha => espresso
expression => statement
javascript => java-script
jscript => j-script
vbscript => vb-script
livescript => live-script
link => xlink
script => cursive
object => xobject
embed => xembed
body => xbody
iframe => xframe
layer => xlayer
applet => xapplet
meta => xmeta
form => xform
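
The behaviour described above can be reproduced in a few lines and set beside a filter that actually parses the markup. This is an added example, not part of the original post and not Yahoo's code. It assumes the substitutions are applied in a single case-sensitive pass with the longest word matched first; the allowlist of tags and URL schemes is constructed for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Substitution list as given in the post.
SUBS = {
    "eval": "review", "mocha": "espresso", "expression": "statement",
    "javascript": "java-script", "jscript": "j-script", "vbscript": "vb-script",
    "livescript": "live-script", "link": "xlink", "script": "cursive",
    "object": "xobject", "embed": "xembed", "body": "xbody", "iframe": "xframe",
    "layer": "xlayer", "applet": "xapplet", "meta": "xmeta", "form": "xform",
}
# Assumption: one left-to-right pass, longest key first, case-sensitive.
PATTERN = re.compile("|".join(sorted(map(re.escape, SUBS), key=len, reverse=True)))

def substring_filter(html_text):
    """Context-blind replacement: rewrites markup and ordinary words alike."""
    return PATTERN.sub(lambda m: SUBS[m.group(0)], html_text)

ALLOWED_TAGS = {"p", "b", "i", "br", "a"}          # constructed allowlist
SAFE_URL = re.compile(r"^(https?|mailto):", re.I)

class AllowlistSanitizer(HTMLParser):
    """Token-aware filter: decides on tags and attributes, never on text."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1                         # drop the element's content too
        elif tag in ALLOWED_TAGS and not self.skip:
            href = [v for k, v in attrs if k == "href" and v and SAFE_URL.match(v)]
            attr = f' href="{escape(href[0])}"' if tag == "a" and href else ""
            self.out.append(f"<{tag}{attr}>")
    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = max(0, self.skip - 1)
        elif tag in ALLOWED_TAGS and tag != "br" and not self.skip:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))          # text passes through unchanged

def sanitize(html_text):
    parser = AllowlistSanitizer()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out)
```

The substring filter turns "medieval" into "medireview" because it never distinguishes a tag name from body text; the parser-based version removes the script element and the event-handler attribute while leaving the words in the message alone.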

This has been going on for quite a while apparently (RISKS noted it more than a year ago, and it also appeared in this ZDNet article). The really interesting thing is that a search in Google for "medireview" turns up hundreds of documents, including résumés, university course lists, and discussion lists. Some people in the discussion lists ask about the origin of the word, and why it is used as a replacement.

When seeing things like this, one has to wonder how the "bubble" (since it was based on the "unprecedented innovation" that was happening) didn't burst sooner...

Posted by diego on July 16 2002 at 5:26 PM

