On Tue, 11 Apr 2023 16:23:53 +0200 Florian Lohoff <[email protected]> wrote:
> Javascript in emails is sub 0.1% - Its basically not in use. I just checked my inbox. Email notifications from Airbnb use Javascript. So you will definitely block valid (for some interpretation of "valid") email if you block all email with Javascript. However, if you want to do it, then blocking any HTML part with a <script> tag in it should be all you need. This can easily be done with HTML::Parser > And after 3 Weeks of Downtime the mood is currently to even block > all Microsoft Formats (docx, pptx, xlsx and the like) which > we do right now. That would *definitely* be a problem for me, but if it works for your organization, then go for it! > So my biggest concern is Mail with Javascript (Which was the origin) > and PDF with active content. Detecting active content in PDF is much trickier than detecting it in HTML. I assume you could use PDF::API2 and rummage through the objects in the PDF file, but I don't know how PDF::API2 returns active content. You'd need to experiment. Regards, Dianne.
pgpGNMgXHL4QQ.pgp
Description: OpenPGP digital signature
_______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. MIMEDefang mailing list [email protected] https://lists.mimedefang.org/mailman/listinfo/mimedefang_lists.mimedefang.org
