Convert Dangerous HTML feature

Peter Peters P.G.M.Peters at utwente.nl
Thu Oct 16 15:03:46 IST 2003


On Thu, 16 Oct 2003 09:59:22 -0300, you wrote:

>The HTML Forms option is causing a bit of grief here.
>
>I had briefly blocked HTML forms, but a number of users receive legitimate HTML
>newsletters with forms in them. (search boxes, etc.)
>
>So I disabled the block HTML Forms option....but now HTML emails with form tags
>are converted to text, since I have the "Convert Dangerous HTML To Text" option
>set to yes.

I use rules to only allow in mail from certain senders.

>Now, I appreciate this feature, since it permits IFRAMES and OBJECT CODEBASE
>ridden emails to be passed while mitigating the dangers of such.
>
>So, what I'm wondering is, can the "Allow ..." and "Convert" options be changed
>to allow a fine-grain level of control.
>
>Perhaps something like:
>Allow Object Codebase Tags = convert
>Allow IFrame Tags = convert
>Allow Form Tags = yes

You could use the same rulesets for the Allow-rules and the
Convert-rules but reversed. An address in the Allow-rule with a yes
would end up in the convert-rule with a no. You can even write a script
that converts the one rule-file tot the other whil replacing yes and no.

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ



More information about the MailScanner mailing list