[Mimedefang] javascript in html attachments
David F. Skoll
dfs at roaringpenguin.com
Fri Mar 5 14:08:58 EST 2004
On Fri, 5 Mar 2004, Paul Whittney wrote:
> What concerns me, is that the email script could use randow variable
> words, so just scoring on words may miss it.
Yes.
> I'm also concerned that this will escalate into "Block all htm/html
> files",
And why would that be a problem?
HTML is bad enough. If you allow your mail clients to run
JavaScript, then server-side mail filters would need a JavaScript
interpreter to do a proper job of analysing the mail. And the security
implications of that are too horrendous to contemplate.
--
David.
More information about the MIMEDefang
mailing list