Script Signature Filter looks for signature strings in scripts. If one is found, the whole script is deleted. This filter is similar to two other signature filters: Text Signature Filter and Comment Signature Filter.
One or more string parameters define the set of signatures to look for in HTML <script> elements (that is, between the <script> and </script> tags). If there is a match, the whole script is deleted. See an example below.
Format:
string = text
See also Common Filter Parameters.
name = Malicious Script Remover
enabled = true
logging = true
time =
users =
exclude_users =
include = *
string = google_ad_client
string = AdRender(
string = document.write('<SCRIPT
string = document.write("<SCRIPT
string = document.write('<SCR'
string = document.write("<SCR"
string = printAdvert(
string = _hbEvent(
string = hbx.cmpn
string = urchinTracker(
The Foxy web-based user interface shows the same filter like this:
This filter will delete scripts like the following one; the matching fragment is document.write('<scr':
<script language="JavaScript" type="text/javascript">
if (!window.OAS_sitepage) {
var BW_site; // use for new ad site
var BW_page = "/topnews";
var OAS_listpos; // use to restrict the number of available page positions
document.write('<scr' + 'ipt language="JavaScript" type="text/javascript" src="http://www.businessweek.com/common_scripts/oas_logic.js"><\/scr' + 'ipt>');
}
</script>
Note: Scripts generating scripts on the fly (they usually contain something like “document.write("<scr”) are always evil. Kill them no matter how it damages the look of some pages.
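The filter's behaviour described above, as an added Python sketch (not Foxy's own code): it deletes every <script> element whose body contains one of the configured signatures. The function name filter_scripts is hypothetical, and case-insensitive matching is an assumption inferred from the page's example, where the signature document.write('<SCR' removes a script containing document.write('<scr'.

```python
import re

# Signatures copied from the example configuration on this page.
SIGNATURES = [
    "google_ad_client", "AdRender(", "printAdvert(",
    "document.write('<SCRIPT", 'document.write("<SCRIPT',
    "document.write('<SCR'", 'document.write("<SCR"',
    "_hbEvent(", "hbx.cmpn", "urchinTracker(",
]

# One <script>...</script> element; group 1 is the text between the tags.
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.IGNORECASE | re.DOTALL)

def filter_scripts(html, signatures=SIGNATURES):
    """Return (filtered_html, hits); hits names the signature that removed each script."""
    lowered = [(s, s.lower()) for s in signatures]
    hits = []

    def replace(match):
        body = match.group(1).lower()
        for original, needle in lowered:
            if needle in body:       # assumption: case-insensitive substring match
                hits.append(original)
                return ""            # delete the whole element, tags included
        return match.group(0)        # no signature found: keep the script as it is

    return SCRIPT_RE.sub(replace, html), hits

# Constructed sample page: the first script is the one shown above (shortened),
# the second is a harmless inline script that must survive.
SAMPLE = (
    "<p>Top news</p>\n"
    '<script language="JavaScript" type="text/javascript">\n'
    "if (!window.OAS_sitepage) {\n"
    "document.write('<scr' + 'ipt language=\"JavaScript\" "
    "src=\"http://www.businessweek.com/common_scripts/oas_logic.js\"><\\/scr' + 'ipt>');\n"
    "}\n"
    "</script>\n"
    '<script type="text/javascript">var menuOpen = false;</script>\n'
)

if __name__ == "__main__":
    cleaned, hits = filter_scripts(SAMPLE)
    print("removed by:", hits)
    print(cleaned)
```

The sample script writes its closing tag as <\/scr' + 'ipt>, so the element boundary the regular expression finds is the real </script> tag; a production filter would use an HTML parser rather than a regular expression.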