Convert Dangerous HTML feature
Lancaster, David Matthew
dml at UNB.CA
Fri Oct 17 13:39:11 IST 2003
Quoting Peter Peters <P.G.M.Peters at utwente.nl>:
> On Thu, 16 Oct 2003 13:35:23 -0300, you wrote:
>
> >> >Now, I appreciate this feature, since it permits IFRAMES and OBJECT
> CODEBASE
> >> >ridden emails to be passed while mitigating the dangers of such.
> >> >
> >> >So, what I'm wondering is, can the "Allow ..." and "Convert" options be
> changed
> >> >to allow a fine-grain level of control.
> >> >
> >> >Perhaps something like:
> >> >Allow Object Codebase Tags = convert
> >> >Allow IFrame Tags = convert
> >> >Allow Form Tags = yes
> >>
> >> You could use the same rulesets for the Allow-rules and the
> >> Convert-rules but reversed. An address in the Allow-rule with a yes
> >> would end up in the convert-rule with a no. You can even write a script
> >> that converts the one rule-file tot the other whil replacing yes and no.
> >
> >Yes, but I'd prefer to not have to keep adding to the lists.
>
> I use this as a kind of pressure not to subscribe to to many lists.
Unfortunatly, we can't exert that sort of pressure.
> >I just foresee more items (e.g. javascript, webbugs, lazy html) being added
> as
> >triggers to the "Convert Dangerous..." function, but only wanting some of
> the
> >of the triggers active.
>
> But if you convert html to plain text the whole purpose of html
> newsletters is gone. I have talked with a couple of my complainers
> because their lists had also ascii equivalents but they wanted the
> "clean" html.
But with the finer grained control, we could control which HTML newsletters are
converted. Those with minor issues [in our opinion of course], e.g. forms,
would pass through, while those with iframes or object codebase tags would be
converted.
D.
More information about the MailScanner
mailing list