iframe dilemma: a compromise?
Julian Field
mailscanner at ecs.soton.ac.uk
Wed Nov 6 15:04:55 GMT 2002
At 14:28 06/11/2002, you wrote:
>On Wed, 2002-11-06 at 14:38, Julian Field wrote:
> > So, say you have
> > Allow IFrame Tags = yes
> > but you also have a new option
> > Convert Dangerous HTML to Text = yes
> > then the message contents would be allowed through (by the 1st option) but
> > it would be stripped down to plain text (by the 2nd option). The definition
> > of "Dangerous" in this context is HTML containing either IFrame tags or
> > Object Codebase tags.
>how about converting it into slightly less dangerous HTML? (assuming
>users still want their HTML mail intact, which I think will mostly be
>the case)
>ie, turn IFRAME into DIV or something similar.
>
>btw, I'm wondering if an IFRAME without a src attribute is still as
>dangerous
You want to guarantee there is no src attribute within a particular iframe?
Very nasty parsing problem, that!
--
Julian Field Teaching Systems Manager
jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science
Tel. 023 8059 2817 University of Southampton
Southampton SO17 1BJ
More information about the MailScanner
mailing list