Outlook Web Access corrupts HTML attachments

Scott dunn By Scott Dunn

The “Safe HTML” filter in Microsoft’s Outlook Web Access for Exchange Server deletes code from HTML attachments without warning.

Microsoft claims the filtering protects users by removing malicious elements, but the deletions can ruin a collaborative project and the “feature” isn’t present in any other Microsoft mail products.

Microsoft Exchange stealth-edits your e-mail

If you use Microsoft’s Outlook Web Access (OWA) to send someone an HTML file, don’t expect them to see any of the file’s comments or scripts. The file you receive may look completely normal, but Microsoft has edited the comments from the file along with other material the company considers dangerous.

It gets worse. According to Microsoft Knowledge Base article 899394, OWA may corrupt the structure of the message, remove some advanced functions, and eliminate other harmless content in the message itself or any attachments.

“Even if an e-mail message appears to be unmodified in Outlook 2003, that same e-mail message may be missing content when you view the message in Outlook Web Access,” the article states bluntly.

You needn’t even view the attachments to have them modified by the service. Merely right-clicking an attachment and saving it to your computer causes the file’s code to be stripped. Microsoft calls this feature of OWA “Safe HTML” filtering.

This article is part of our premium content. Join Now.

Already a paid subscriber? Click here to login.

= Paid content

All Windows Secrets articles posted on 2008-06-05: