Thread: Security Issue: "Loading external HTML Content"

  1. #1
    Junior Member
    Join Date
    Mar 2011
    Posts
    13

    Security Issue: "Loading external HTML Content"

    Hi there,

    this is my first post here and first of all, I want to thank the Zarafa team for this great software.

    At the moment I'm evaluating several collaboration solutions. Until now (catalogue of requirements is processed at 30%), Zarafa seems to fit best and could be the winner of this "comparison", but there is one BIG security issue (killing argument for Zarafa): "Enabling / Disabling / Warning loading external HTML-Content" :-?

    Fortunately (imho) or unfortunately (later on making decision "pro" Zarafa) my customer's security policies (btw. Non-"Paula on the Ponyfarm"-Customers) do not allow loading external HTML content, according to "BSI Grundschutzhandbuch" and other security guidelines and recommendations.

    Therefore the solution has to be implemented in Zarafa.

    Do you have any proposals?

    Greetings

    JMJS

    P.S: This topic was already mentioned in another thread, started over one year ago... until now without any solution! This makes me wonder! Apparently no one requires this killing feature? IMHO impossible or better "impractical"...

  2. #2

    Re: Security Issue: "Loading external HTML Content"

    Best thing is to request this feature by emailing to . It helps if you can indicate the 'business value' for the feature for you, which may speed things up.

    In the meantime, you can do a simple implementation yourself if you're into PHP; go to your document root for webaccess, server/core/htmlfilter.php and take a look at sq_fix_url(), which filters all src='' tags. If you just turn that into

    instead of return $attvalue, this will remove all images; on the other hand users will not have the option of re-enabling them for certain messages.
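
A sketch of the kind of src filtering the reply above describes, extended with a per-message opt-in to address the limitation it mentions. This is an added example, not the code from the post and not Zarafa WebAccess code; the function name filter_src_value() and the $allowExternal flag are hypothetical, and how it would be called from sq_fix_url() is not shown on this page.

```php
<?php
// Added example: hypothetical helper, not part of Zarafa WebAccess.

/**
 * Decide what a src="" value from an HTML mail body may become.
 * cid: references point at attachments inside the message itself and are
 * always kept. Everything else either needs the network or is a
 * script/data URL, and is dropped unless the user opted in for this
 * one message (assumed to be tracked by the caller).
 */
function filter_src_value(string $attvalue, bool $allowExternal = false): string
{
    // Undo entity encoding first, so "&#104;ttp://" is seen as "http://".
    $url = html_entity_decode($attvalue, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    // Strip whitespace and control bytes that browsers tolerate in a URL.
    $url = preg_replace('/[\x00-\x20\x7f]+/', '', $url) ?? '';

    if (preg_match('/^cid:/i', $url)) {
        return $url;   // embedded attachment, nothing is fetched
    }
    if ($allowExternal && preg_match('#^https?://#i', $url)) {
        return $url;   // user enabled remote images for this message
    }
    // Default deny: remote, protocol-relative, relative, javascript:, data:
    return '';
}

// Constructed sample values, as they might appear in src="" of a mail body.
$samples = [
    'cid:logo.png@example.invalid',
    'http://tracker.example.invalid/pixel.gif?id=42',
    '//tracker.example.invalid/pixel.gif',
    '&#104;ttp://tracker.example.invalid/pixel.gif',
    " java\tscript:alert(1)",
];

// Show the result for each sample with remote content blocked, then allowed.
foreach ([false, true] as $allow) {
    foreach ($samples as $s) {
        printf("allow=%d  %-52s => '%s'\n",
            (int) $allow, json_encode($s), filter_src_value($s, $allow));
    }
}
```

This covers only src attributes, as the reply does; other attributes and CSS url() references that can also trigger remote loads are outside its scope.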
