[Mimedefang] HTML Exploits

Jonas Eckerman jonas_lists at frukt.org
Mon May 7 07:06:28 EDT 2007


Daniel Aquino wrote:

> And really if you just remove all ScriptTags and get rid of any Event
> Handlers, then that should clean the html no?

You also need to clean any CSS used in or by the document. To do 
this you not only need to clean CSS in the mail, you also need to 
either remove references to external CSS, or download, clean and 
insert external CSS directly into the mail.

I'm sure there are other strange ways of inserting active code in 
a HTML mail as well...

/Jonas
-- 
Jonas Eckerman, FSDB & Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/
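
The points raised in this thread, as an added example that is not part of the original post and is not MIMEDefang code: a Python sketch that strips script elements and event handlers and, per the reply, all CSS (style elements, style attributes and external stylesheet links). It assumes the stricter "remove" option rather than downloading and cleaning external CSS; the class name, function name and sample message are hypothetical, and it covers only the vectors named in the thread.

```python
from html import escape
from html.parser import HTMLParser

DROP_WITH_CONTENT = {"script", "style"}  # dropped together with their content
# Constructed sample message body (not from the thread).
SAMPLE = ('<html><head><link rel="stylesheet" href="http://example.invalid/a.css">'
          '<style>p { color: red }</style></head>'
          '<body><p style="width: 1px" ONCLICK="x()">Hello</p>'
          '<script>x()</script></body></html>')

class MailHtmlCleaner(HTMLParser):
    """Rebuilds HTML without script, event handlers or CSS.
    Comments and declarations are not re-emitted, so they are dropped too."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []        # cleaned output fragments
        self.removed = []    # what was stripped, for logging
        self.skip_depth = 0  # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
            self.removed.append(f"<{tag}>")
            return
        if self.skip_depth:
            return
        rel = (dict(attrs).get("rel") or "").lower().split()
        if tag == "link" and "stylesheet" in rel:
            self.removed.append("external stylesheet")  # reference removed
            return
        kept = []
        for name, value in attrs:  # the parser lowercases attribute names
            if name.startswith("on") or name == "style":
                self.removed.append(f"{tag}@{name}")
                continue
            kept.append(name if value is None else f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join([tag] + kept) + ">")

    handle_startendtag = handle_starttag  # treat <x/> like <x>

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:  # an unclosed <script> drops the rest of the mail
            self.out.append(escape(data, quote=False))

def clean(html_text):
    parser = MailHtmlCleaner()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out), parser.removed
```
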



