How do I stop malicious use of forms, JavaScript, etc. in messages?
A13. To stop people from putting malicious forms, scripts or Java (i.e. Trojan horse HTML) into a mail message, we have added the true/false ini settings allow_form, allow_java and allow_script. All three default to false.

For example, when allow_form is set to false, all forms found in the bodies of messages are disabled: DMailWeb/CWMail de-activates the form and replaces it with an appropriate message. When it is set to true (i.e. allow_form true), CWMail leaves any forms in the body of the message active when the message is opened.

In addition, the template variable v_exec (Execute HTML) can be used in the item template (item.tpl) to let users decide whether to allow forms and scripts to be executed for the particular message they are viewing. The v_exec setting overrides the administrator settings allow_form, allow_java and allow_script, so that the user can always run the form/script if they want to take the risk or if they know it is s
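The following audit is an added example, not part of the original FAQ or of DMailWeb/CWMail itself: it reports which of the three settings are switched on and whether item.tpl exposes the v_exec override. It assumes one "name value" pair per line (as in "allow_form true"), also accepts "=" as a separator, treats lines starting with "#" or ";" as comments, and detects v_exec by plain substring because the FAQ does not show the template syntax; the sample inputs are constructed.

```python
import re

# Settings named in the FAQ; all three default to false when absent.
GUARDS = ("allow_form", "allow_java", "allow_script")

def parse_guards(ini_text):
    """Return the effective true/false value of each guard setting.

    Assumptions: one "name value" pair per line, "=" also accepted as a
    separator, and lines starting with '#' or ';' are comments.
    """
    effective = {name: False for name in GUARDS}
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() in GUARDS:
            effective[parts[0].lower()] = parts[1].strip().lower() == "true"
    return effective

def audit(ini_text, item_tpl_text):
    """List findings: guards switched on, and the per-message v_exec override."""
    findings = []
    for name, enabled in parse_guards(ini_text).items():
        if enabled:
            findings.append(f"{name} is true: this kind of active content stays enabled")
    # Substring match only: the template variable syntax is not shown in the FAQ.
    if "v_exec" in item_tpl_text:
        findings.append("item.tpl uses v_exec: users can override all three settings per message")
    return findings

# Constructed sample inputs (not taken from a real installation).
SAMPLE_INI = """\
# constructed example
allow_form true
allow_java false
"""
SAMPLE_TPL = "<html><body>... v_exec ...</body></html>"

if __name__ == "__main__":
    for finding in audit(SAMPLE_INI, SAMPLE_TPL):
        print("WARNING:", finding)
```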