XADM: HTML in Subject Field Is Not Converted Properly When Message Is Forwarded

If you send a Hypertext Markup Language (HTML) message that contains special HTML characters in the Subject field, and then a rule is applied that forwards the message, the Subject field in the copy of the original message that is included in the forwarded message may not be displayed properly. The HTML characters may be displayed as HTML, instead of being displayed as text. Note that this problem occurs if the message is sent using the Simple Mail Transfer Protocol (SMTP) or sent using the Messaging Application Programming Interface (MAPI) with the HTML encapsulated as Rich Text Format (RTF).

For example, if you send an HTML message that contains &lt in the Subject field, the Subject field in the copy of the original message contains the less than character (<) instead of &lt.

This problem occurs when the forwarded message contains the \fromhtml1 tag in the RTF header. When this tag exists, Exchange Server assumes that all HTML entities have already been encapsulated as RTF. Therefore, it does not convert the HTML characters from the Subject field of the original message (which were added to the original RTF when the message was forwarded) into entities, which causes the characters to be displayed incorrectly.

To resolve this problem, obtain the latest service pack for Exchange Server version 5.5. For additional information, click the following article number to view the article in the Microsoft Knowledge Base: The English version of this fix should have the following file attributes or later:

Component: Information Store

Microsoft has confirmed that this is a problem in Microsoft Exchange Server version 5.5. This problem was first corrected in Exchange Server 5.5 Service Pack 3.

This behavior represents a potential security concern, because the security features enabled on most e-mail servers do not check the Subject field as closely as the rest of the message. If malicious HTML code in the Subject field of the original message is not detected, the code may be run after the original message is forwarded by a rule and the Subject field is included in the forwarded message.