Sanitizing iframe and cid

From: Bill Elswick (
Date: Fri 03 Dec 2004 - 21:45:43 GMT

    Hi All,

    I recently got an email that passed through Sanitizer with everything
    on except for feat_paranoid, which contains some code that is clearly
    up to no good. I'm looking for suggestions on how to configure Sanitizer
    to stop things like this from getting through. I would hate to simply
    disable all cid: urls, since that would kill all embedded pictures.
    But killing all "iframe" tags seems like a good idea in general. Here
    is the offending snippet from the mail that suggested this:
    Received message is available at:<br>
    <a href="cid:031401Mfdab4$3f3dL780$73387018@57W81fa70Re" height=0

    <iframe src="cid:031401Mfdab4$3f3dL780$73387018@57W81fa70Re" height=0 width=0>

    Any suggestions would be appreciated.
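
The policy asked about in the message above (remove iframe tags, keep cid: only for embedded pictures), as an added example that is not part of the original post and is not Sanitizer configuration. It is a stand-alone Python sketch; the names `CidPolicy`, `sanitize` and `SAMPLE` and the content-ids in the sample are constructed for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

DROP_TAGS = {"iframe"}        # assumption: tags removed outright
URL_ATTRS = {"href", "src"}   # attributes checked for a cid: scheme
CID_OK = {("img", "src")}     # the only place cid: is allowed to survive

class CidPolicy(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.findings = [], []

    def handle_starttag(self, tag, attrs):
        if tag in DROP_TAGS:
            self.findings.append(f"dropped <{tag}>")
            return
        kept = [tag]
        for name, value in attrs:
            # Ignore whitespace/control characters and case used to hide the scheme.
            scheme = re.sub(r"[\x00-\x20]", "", value or "").lower()
            if name in URL_ATTRS and scheme.startswith("cid:") and (tag, name) not in CID_OK:
                self.findings.append(f"removed cid: from <{tag} {name}>")
                continue
            kept.append(name if value is None else f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join(kept) + ">")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag not in DROP_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize(html_text):
    """Return (cleaned_html, findings) for one HTML mail body."""
    parser = CidPolicy()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out), parser.findings

# Constructed sample modelled on the snippet in the message; the ids are made up.
SAMPLE = ('<p>Received message is available at:<br>'
          '<a href="cid:part1@example.invalid">link</a>'
          '<iframe src="cid:part1@example.invalid" height=0 width=0>'
          '<img src="cid:logo@example.invalid" alt="logo"></p>')

if __name__ == "__main__":
    cleaned, findings = sanitize(SAMPLE)
    print(cleaned)
    print(findings)
```

Comments and declarations are dropped by this sketch because it defines no handlers for them, and text inside a removed iframe is kept as escaped text so an unclosed tag cannot swallow the rest of the message.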

