Convert Dangerous HTML feature

Lancaster, David Matthew dml at UNB.CA
Fri Oct 17 13:39:11 IST 2003

Quoting Peter Peters <P.G.M.Peters at>:

> On Thu, 16 Oct 2003 13:35:23 -0300, you wrote:
> >> >Now, I appreciate this feature, since it permits IFRAMES and OBJECT
> >> >ridden emails to be passed while mitigating the dangers of such.
> >> >
> >> >So, what I'm wondering is, can the "Allow ..." and "Convert" options be
> changed
> >> >to allow a fine-grain level of control.
> >> >
> >> >Perhaps something like:
> >> >Allow Object Codebase Tags = convert
> >> >Allow IFrame Tags = convert
> >> >Allow Form Tags = yes
> >>
> >> You could use the same rulesets for the Allow-rules and the
> >> Convert-rules but reversed. An address in the Allow-rule with a yes
> >> would end up in the convert-rule with a no. You can even write a script
> >> that converts the one rule-file tot the other whil replacing yes and no.
> >
> >Yes, but I'd prefer to not have to keep adding to the lists.
> I use this as a kind of pressure not to subscribe to to many lists.

Unfortunatly, we can't exert that sort of pressure.

> >I just foresee more items (e.g. javascript, webbugs, lazy html) being added
> as
> >triggers to the "Convert Dangerous..." function, but only wanting some of
> the
> >of the triggers active.
> But if you convert html to plain text the whole purpose of html
> newsletters is gone. I have talked with a couple of my complainers
> because their lists had also ascii equivalents but they wanted the
> "clean" html.

But with the finer grained control, we could control which HTML newsletters are
converted.  Those with minor issues [in our opinion of course], e.g. forms,
would pass through, while those with iframes or object codebase tags would be


More information about the MailScanner mailing list