On Sat, 12 Jan 2002, Paul Chvostek wrote:

> Can anyone tell me why I *shouldn't* block inbound mail whose HTML
> body contains either Javascript or embedded HTML forms? I'm doing
> this now, but I'm not sure if I'm merely asking for a chomp to the
> gluteus.

You may reject some mail you've asked for. For example, CNN
HTML-format quicknews uses javascript and (shudder) objects downloaded
from the CNN webserver.

The sanitizer defangs this stuff without rejecting the message. Have
you considered using it?

http://www.impsec.org/email-tools/procmail-security.html
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin(_at_)impsec(_dot_)org pgpk -a
jhardin(_at_)wolfenet(_dot_)com
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Monty Python's Star Trek Voyager:
A successful trans-warp experiment turns Paris and Janeway into
newts, but they get better.
...wait a minute... It's already been done...
-----------------------------------------------------------------------
7 days until Babylon 5: the Legend of the Rangers
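The defang-instead-of-reject approach described in the reply above, as an added sketch that is not part of the original message and is not the sanitizer's own code. The tag list, the `DEFANGED_` prefix, the function names and the sample message are assumptions made for this example.

```python
import re
from email import message_from_string, policy

# Assumed tag list for this example; not taken from the sanitizer's rules.
ACTIVE = r"script|form|object|embed|applet|iframe"
TAG_RE = re.compile(r"<(\s*/?\s*)(%s)\b" % ACTIVE, re.I)
ATTR_RE = re.compile(r"(\s)(on\w+\s*=)", re.I)   # onload=, onclick=, ...
JSURL_RE = re.compile(r"javascript\s*:", re.I)   # javascript: URLs

def defang_html(html):
    """Return (html, count) with active tags, handlers and JS URLs renamed."""
    count = 0
    def fix_tag(m):
        # Runs once per tag: rename event-handler attributes and JS URLs.
        nonlocal count
        tag, n1 = ATTR_RE.subn(r"\1DEFANGED_\2", m.group(0))
        tag, n2 = JSURL_RE.subn("DEFANGED_javascript:", tag)
        count += n1 + n2
        return tag
    html, n = TAG_RE.subn(r"<\1DEFANGED_\2", html)   # opening and closing tags
    html = re.sub(r"<[^>]*>", fix_tag, html)
    return html, count + n

def defang_message(raw):
    """Defang every text/html part; the message is kept, not rejected."""
    msg = message_from_string(raw, policy=policy.default)
    total = 0
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            clean, n = defang_html(part.get_content())
            if n:
                part.set_content(clean, subtype="html")
                total += n
    return msg, total

# Constructed sample resembling an HTML newsletter with a script and a form.
SAMPLE = """\
From: news@example.com
Subject: Quick news (constructed sample)
Content-Type: text/html; charset="us-ascii"

<html><body onload="track()">
<h1>Headlines</h1>
<script src="http://news.example.com/t.js"></script>
<form action="/s"><input name="q"></form>
<a href="javascript:open()">more</a>
</body></html>
"""

if __name__ == "__main__":
    print(defang_message(SAMPLE)[0].get_content())
```

A block-on-JavaScript rule would reject the constructed sample outright; here it is delivered with six constructs renamed and its readable content intact. Regex matching on HTML is a sketch of the idea only and will miss obfuscated or malformed markup.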