Article ID: 899394
This article describes the filtering in Microsoft Outlook Web Access for Microsoft Exchange Server 2003 that helps protect you from malicious script that can be included in HTML-formatted e-mail messages or attachments. The filtering that was introduced in Outlook Web Access for Exchange Server 2003 is known as "Safe HTML" filtering. This article also provides a workaround for sharing files that are removed by the "Safe HTML" filtering feature.
Note: For information about an update to the Safe HTML filtering feature, see the following Microsoft Knowledge Base article:
912939 A software update for the Safe HTML filtering feature is available to enable you to use the POST method in HTML forms in Outlook Web Access for Exchange Server 2003 (http://support.microsoft.com/kb/912939/)
"Safe HTML" filtering was introduced in Outlook Web Access for Exchange Server 2003 to help protect users from malicious script and from certain HTML elements. The malicious script or the HTML element may run when the recipient opens the e-mail message or the attachment. Alternatively, the malicious script or the HTML element may run when the recipient takes an action such as clicking a link that is in the e-mail message.
Outlook Web Access filters out all potentially unsafe content from the e-mail message or from the attachment. Outlook Web Access also removes all scripts and elements or attributes that can reference a script. HTML forms and some other kinds of elements are also affected by the "Safe HTML" modifications that are made by Outlook Web Access.
The filtering in Outlook Web Access for Exchange Server 2003 is more rigorous than the filtering in Microsoft Office Outlook 2003. The reason is that the Outlook Web Access browser interface has more security requirements than the Outlook 2003 interface. Even if an e-mail message appears to be unmodified in Outlook 2003, that same e-mail message may be missing content when you view the message in Outlook Web Access.
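As an added illustration (not Microsoft's code and not part of the original article), the following Python sketch shows the kind of filtering described above: it drops script elements, strips attributes that can reference script, and reports what it removed, so a sender can see which parts of a message would go missing. The rule set, the names SafeHtmlSketch and filter_html, and the sample message are assumptions.

```python
from html import escape
from html.parser import HTMLParser

# Assumed rules for illustration; the article does not list OWA's real rule set.
DROP_WITH_CONTENT = {"script"}         # element and its body are removed
URL_ATTRS = {"href", "src", "action"}  # attributes that can carry a script URL

class SafeHtmlSketch(HTMLParser):
    def __init__(self):
        super().__init__()
        self.out, self.removed, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
            self.removed.append(f"<{tag}>")
        if self.skip:
            return
        parts = [tag]
        for name, value in attrs:
            raw = value or ""
            # Entities are already decoded by the parser; also drop whitespace and
            # control characters that browsers tolerate inside a URL scheme.
            scheme = "".join(c for c in raw if c > " ").lower()
            if name.startswith("on") or (
                    name in URL_ATTRS and scheme.startswith(("javascript:", "vbscript:"))):
                self.removed.append(f"{tag}@{name}")
            else:
                parts.append(name if value is None else f'{name}="{escape(raw)}"')
        self.out.append("<" + " ".join(parts) + ">")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def filter_html(html):
    parser = SafeHtmlSketch()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.removed  # (filtered HTML, removed items)

# Constructed sample message body, not taken from the article.
SAMPLE = ('<p onclick="track()">Hello</p><script>alert(1)</script>'
          '<a href="java&#115;cript:run()">link</a><a href="http://example.com/">ok</a>')
```

Calling filter_html(SAMPLE) returns the filtered markup together with a list of the removed elements and attributes; comments and doctype declarations are dropped by this sketch as well.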
The "Safe HTML" features in Outlook Web Access for Exchange Server 2003 may sometimes cause one or more of the following:
If you must share non-malicious content that is removed by Exchange Server 2003, there are some methods that you can use to work around this issue. For example, you can use the following method:
For more information about how to configure Outlook Web Access for Exchange Server 2003, see the following article in the Microsoft Knowledge Base:
830827 How to manage Outlook Web Access features in Exchange Server 2003 (http://support.microsoft.com/kb/830827/)