On December 23, 2004 at 11:08, Jeff Breidenbach wrote:
Good catch. I'm seeing this as well, although (after checking
out about 10 messages) it seems like this problem only occurs in
HTML mail.
It happens because of the script filtering of HTML data. IE supports
the non-standard(?) 'expression' operator in CSS styles, which allows
script style instruction execution. Therefore, it can be used for
XSS-based attacks.
To keep things simple and to avoid complicated HTML and CSS parsing,
any occurance of "expression" is changed to "_expression_" to
disable it if occurs in a CSS style. The same applies to the string
"javascript".
--ewh
