I found this script:
The problem is, ppl can inject html/java code into it, i'd like to avoid that. I don't know tcl, wish I did.## This script catches urls said on channels and set on topics
## and makes a webfile of them.
## 21.7.1997 by Goblet email: goblet@sci.fi
set urllogfile "urls.log"
set urlwebfile "/wwwhome/goblet/public_html/blerp/urllog.html"
bind pubm - * check_if_url
bind topc - * check_if_url
proc check_if_url {nick uhost hand chan text} {
global urllogfile urlwebfile botnick
foreach i $text {
if {([string match "*http://*" $i]) || ([string match "*ftp://*" $i])
|| ([string match "*www.*" $i]) || ([string match "*ftp.*" $i])} {
set fd [open $urllogfile a+]
if {[string match "*www.*" $i] && ![string match "*http://*" $i]} {
set i "http://$i"
}
if {[string match "*ftp.*" $i] && ![string match "*ftp://*" $i]} {
set i "ftp://$i"
}
puts $fd "<a href=\"$i\">$i</a><br>"
puts $fd "[ctime [unixtime]] $nick ($uhost)<br><hr>"
close $fd
putlog "URL detected ($nick)"
set fd [open $urlwebfile w]
set fd2 [open $urllogfile r]
puts $fd "<html><head><title>Catched URLs</title></head>"
puts $fd "<body bgcolor=#FFFFFF text=#000000>"
puts $fd "<center><font size=6>URLs catched by $botnick</center><hr>"
puts $fd "<font size=3>"
while {![eof $fd2]} {
gets $fd2 foo
puts $fd $foo
}
puts $fd "<center><address>© <a href=\"http://www.sci.fi/~goblet/\">"
puts $fd "Goblet</a> 1997</address></center>"
puts $fd "</body></html>"
close $fd
close $fd2
}
}
}
putlog "URL-catcher by Goblet"
This is an example of how you can mess the generated html page up.
http://www.<textarea>.com
I think it speaks for itself what happens when it catches that url
Any help to fix this flaw is appreciated.
