iframe dilemma: a compromise?

Julian Field mailscanner at ecs.soton.ac.uk
Wed Nov 6 15:04:55 GMT 2002

At 14:28 06/11/2002, you wrote:
>On Wed, 2002-11-06 at 14:38, Julian Field wrote:
> > So, say you have
> >          Allow IFrame Tags = yes
> > but you also have a new option
> >          Convert Dangerous HTML to Text = yes
> > then the message contents would be allowed through (by the 1st option) but
> > it would be stripped down to plain text (by the 2nd option). The definition
> > of "Dangerous" in this context is HTML containing either IFrame tags or
> > Object Codebase tags.
>how about converting it into slightly less dangerous HTML? (assuming
>users still want their HTML mail intact, which I think will mostly be
>the case)
>ie, turn IFRAME into DIV or something similar.
>btw, I'm wondering if an IFRAME without a src attribute is still as

You want to guarantee there is no src attribute within a particular iframe?
Very nasty parsing problem, that!
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ

More information about the MailScanner mailing list