iframe dilemma: a compromise?
Tal Kelrich
tal at MUSICGENOME.COM
Wed Nov 6 14:28:04 GMT 2002
On Wed, 2002-11-06 at 14:38, Julian Field wrote:
> So, say you have
> Allow IFrame Tags = yes
> but you also have a new option
> Convert Dangerous HTML to Text = yes
> then the message contents would be allowed through (by the 1st option) but
> it would be stripped down to plain text (by the 2nd option). The definition
> of "Dangerous" in this context is HTML containing either IFrame tags or
> Object Codebase tags.
how about converting it into slightly less dangerous HTML? (assuming
users still want their HTML mail intact, which I think will mostly be
the case)
ie, turn IFRAME into DIV or something similar.
btw, I'm wondering if an IFRAME without a src attribute is still as
dangerous
--
Tal Kelrich
PGP fingerprint: 3EDF FCC5 60BB 4729 AB2F CAE6 FEC1 9AAC 12B9 AA69
Key Available at: http://www.hasturkun.com/pub.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: This is a digitally signed message part
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20021106/0b46d6e7/attachment.bin
More information about the MailScanner
mailing list