[Mimedefang] HTML Exploits
Jonas Eckerman
jonas_lists at frukt.org
Mon May 7 07:06:28 EDT 2007
Daniel Aquino wrote:
> And really if you just remove all ScriptTags and get rid of any Event
> Handlers, then that should clean the html no?
You also need to clean any CSS used in or by the document. To do
this you not only need to clean CSS in the mail, you also need to
either remove references to external CSS, or download, clean and
insert external CSS directly into the mail.
I'm sure there are other strange ways of inserting active code in
an HTML mail as well...
/Jonas
--
Jonas Eckerman, FSDB & Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/
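
The carriers named in this thread, enumerated for one HTML part. This is an added example, not code from the original post or from MIMEDefang; it is written in Python with the standard library only, and the class name, function names and sample HTML are hypothetical. It only reports what is present (it does not clean anything) and shows what is left if only script tags and event handlers are removed.

```python
import re
from html.parser import HTMLParser

# Constructed sample HTML part; the hosts are placeholders.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://css.example.invalid/a.css">
<style>@import url("http://css.example.invalid/b.css"); p { color: red }</style>
<script>var x = 1;</script>
</head><body onload="init()"><p style="color: blue">Hello</p></body></html>"""

class ActiveContentAudit(HTMLParser):
    """Records (kind, detail) for each carrier found in one HTML part."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self.in_style = False

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag == "script":
            self.findings.append(("script", "<script>"))
        elif tag == "style":
            self.in_style = True
            self.findings.append(("inline-css", "<style>"))
        elif tag == "link":
            a = dict(attrs)
            if "stylesheet" in (a.get("rel") or "").lower().split():
                self.findings.append(("external-css", a.get("href") or ""))
        for name, _ in attrs:
            if name.startswith("on"):
                self.findings.append(("event-handler", f"{tag}[{name}]"))
            elif name == "style":
                self.findings.append(("inline-css", f"{tag}[style]"))

    def handle_endtag(self, tag):
        if tag == "style":
            self.in_style = False

    def handle_data(self, data):
        # An @import inside <style> is another reference to external CSS.
        if self.in_style and re.search(r"@import\b", data, re.I):
            self.findings.append(("external-css", "@import in <style>"))

def audit(html):
    parser = ActiveContentAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

def left_after_script_cleanup(html):
    """Findings that survive removing only script tags and event handlers."""
    return [f for f in audit(html) if f[0] in ("inline-css", "external-css")]
```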