Attachment Security Checks

April 15, 2014, 08:07:11 pm

I was going back in the history seeing how the current security scan (paranoid one) came about.

Code:
(iframe|\\<\\?|\\<%|html|eval|body|script\W|[CF]WS[\x01-\x0C]) //Improved regular expression detection
(iframe|\\<\\?php|\\<\\?[\s=]|\\<%[\s=]|html|eval|body|script\W) // Don't allow the word 'description' to trigger a false positive.
(iframe|\\<\\?php|\\<\\?[\s=]|\\<%[\s=]|html|eval|body|script) // Added protection against <?= and <%=
(iframe|\\<\\?php|\\<\\?\s|\\<%\s|html|eval|body|script) // Relax the conditions for an avatar to be refused.
(iframe|\\<\\?php|\\<\\?|\\<%|html|eval|body|script) // Prevent certain ascii data to appear in avatars

The current one looks for \< or \<\ or \<% and will fail ... seems pretty strict to me, so strict in fact that probably no one uses it since the odds of finding \< are darn good.

Looking at the progression, I don't think that was the intention but wanted to get some others' thoughts on that. I'm not sure what the signature in the file would be. Even the earlier ones of |\\<\\?php which means \<php or \<\php don't make sense to me, I could see \\<\\\?php or even \\<\\?\?php

Any of you at heart hackers have insight on this one?
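Added example (not part of the original post and not the project's own code): the five patterns from the post run over constructed byte strings, reporting which token each version matches, so the effect of each change in the history can be compared. It assumes the doubled backslashes are string-literal escaping (the regex engine receives `\<\?`), case-sensitive matching over raw bytes, and uses hypothetical labels and function names.

```python
import re

# Patterns copied from the post, newest first, keyed by a short hypothetical
# label. Assumption: the doubled backslashes in the post are string-literal
# escaping, so the regex engine itself receives \<\? and so on.
HISTORY = {
    "current":     rb"(iframe|\<\?|\<%|html|eval|body|script\W|[CF]WS[\x01-\x0C])",
    "description": rb"(iframe|\<\?php|\<\?[\s=]|\<%[\s=]|html|eval|body|script\W)",
    "short-tags":  rb"(iframe|\<\?php|\<\?[\s=]|\<%[\s=]|html|eval|body|script)",
    "relaxed":     rb"(iframe|\<\?php|\<\?\s|\<%\s|html|eval|body|script)",
    "first":       rb"(iframe|\<\?php|\<\?|\<%|html|eval|body|script)",
}
# Assumption: case-sensitive search over the raw bytes of the upload.
COMPILED = {label: re.compile(rx) for label, rx in HISTORY.items()}


def explain(data: bytes) -> dict:
    """Map each pattern label to the token it matched in data, or None."""
    hits = {}
    for label, rx in COMPILED.items():
        m = rx.search(data)
        hits[label] = m.group(0) if m else None
    return hits


def flagged_by(data: bytes) -> list:
    """Labels of the patterns that would refuse this upload."""
    return [label for label, tok in explain(data).items() if tok is not None]


# Constructed sample inputs (not taken from any real file).
SAMPLES = {
    "php open tag":     b"<?php echo 1; ?>",
    "short echo tag":   b"<?=$x?>",
    "text metadata":    b"a photo description",
    "binary with '<?'": b"\x89PNG\x00\x10<?\x07\xff",
    "CWS + low byte":   b"CWS\x09\x00\x00",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:18} -> {flagged_by(data)}")
```

The `explain` output names the token that caused a refusal, which is the quickest way to tell a script signature from an incidental byte pair in image data.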