How to share files that are removed by the "Safe HTML" filtering feature in Outlook Web Access for Exchange Server 2003

Article translations Article translations
Article ID: 899394 - View products that this article applies to.
Expand all | Collapse all

INTRODUCTION

This article describes the filtering in Microsoft Outlook Web Access for Microsoft Exchange Server 2003 that helps protect you from malicious script that can be included in HTML-formatted e-mail messages or attachments. The filtering that was introduced in Outlook Web Access for Exchange Server 2003 is known as "Safe HTML" filtering. This article also provides a workaround for sharing files that are removed by the "Safe HTML" filtering feature.

Note For information about an update to the Safe HTML filtering feature, see the following Microsoft Knowledge Base article:

912939 A software update for the Safe HTML filtering feature is available to enable you to use the POST method in HTML forms in Outlook Web Access for Exchange Server 2003

MORE INFORMATION

"Safe HTML" filtering was introduced in Outlook Web Access for Exchange Server 2003 to help protect users from malicious script and from certain HTML elements. The malicious script or the HTML element may run when the recipient opens the e-mail message or the attachment. Alternatively, the malicious script or the HTML element may run when the recipient takes an action such as clicking a link that is in the e-mail message.

Outlook Web Access filters out all potentially unsafe content from the e-mail message or from the attachment. Outlook Web Access also removes all scripts and elements or attributes that can reference a script. HTML forms and some other kinds of elements are also affected by the "Safe HTML" modifications that are made by Outlook Web Access.

The filtering in Outlook Web Access for Exchange Server 2003 is more rigorous than the filtering in Microsoft Office Outlook 2003. The reason is that the Outlook Web Access browser interface has more security requirements than the Outlook 2003 interface. Even if an e-mail message appears to be unmodified in Outlook 2003, that same e-mail message may be missing content when you view the message in Outlook Web Access.

The "Safe HTML" features in Outlook Web Access for Exchange Server 2003 may sometimes cause one or more of the following:
  • The loss of structure of the e-mail message
  • The loss of advanced functionality
  • The loss of some non-malicious content in e-mail messages or in attachments
However, the "Safe HTML" features help provide a safer e-mailing environment for users.

If you must share non-malicious content that is removed by Exchange Server 2003, there are some methods that you can use to work around this issue. For example, you can use the following method:
  • Post the file attachment to a secure network share to which the recipients have access. Or, grant the recipients the required access to the network share to which you post the file. In the e-mail message, you can include a link to the network share and to the file.

REFERENCES

For more information about how to configure Outlook Web Access for Exchange Server 2003, click the following article number to view the article in the Microsoft Knowledge Base:
830827 How to manage Outlook Web Access features in Exchange Server 2003

Properties

Article ID: 899394 - Last Review: October 25, 2007 - Revision: 1.3
APPLIES TO
  • Microsoft Exchange Server 2003 Enterprise Edition
  • Microsoft Exchange Server 2003 Standard Edition
Keywords: 
kbhowto kbtshoot KB899394

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com