Content Checks: Detected HTML-specic exploits in h8AGGVSe016972

[Antony Stone]

On Thursday 11 September 2003 2:58 pm, Kevin Spicer wrote:

> My approach is to strip html from all incoming messages of these types,
> and block outgoing messages.  The principle being that often the
> essential information is still communicated by a stripped message (for
> the few that are actually anything important) and that blocking outgoing
> mail that breaks the rules is better than having our mails stripped or
> blocked by the recipients mail server, as it allows the internal sender
> to reformat in a way they control.
>
> My only issue with this is that I'd rather there was a smart html
> stripper [no jokes about smart strippers please!] which only removed the
> offending tags.

Surely this is precisely what "Convert Dangerous HTML to Text = yes" is for?
Or am I misunderstanding that MS option?

Antony.
--

It suddenly dawns on the observer that there is no end to the creativity that
these mindless hackers can come up with.

 - Kevin Kelly, Out of Control