Allow ..... Tags = disarm

Kevin Spicer kevins at BMRB.CO.UK
Wed Nov 5 15:40:00 GMT 2003

On Wed, 2003-11-05 at 15:07, Furnish, Trever G wrote:

>What's the point of disarming input tags when form tags are taken out?
>An input without a form does nothing.

>Changing the type of buttons seems like a very bad idea to me - I can
>imagine a lot of confusion resulting and it doesn't seem like a useful

I can easily imagine a lot of confusion when users click 'Submit' and
nothing happens because the form tags disappear.  Are there really
legitimate reasons for sending forms by email?  (By legitimate I mean
reasons why people would actually want to recieve a form in an email?)

Scripts of any kind in email are a bad thing, Its pretty trivial to
write javascript (or VB script probably) which attaches itself to an
object (say a button or hyperlink) without including an on.... event in
the tag.  Ideally we should remove all on..... attributes from all tags
and disarm all script tags - but maybe this is getting too much?

BMRB International
+44 (0)20 8566 5000
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our

More information about the MailScanner mailing list