"Safe HTML" filtering was introduced in Outlook Web Access for Exchange Server 2003 to help protect users from malicious script and from certain HTML elements. The malicious script or the HTML element may run when the recipient opens the e-mail message or the attachment. Alternatively, the malicious script or the HTML element may run when the recipient takes an action such as clicking a link that is in the e-mail message.
Outlook Web Access filters out all potentially unsafe content from the e-mail message or from the attachment. Outlook Web Access also removes all scripts, together with any elements or attributes that can reference a script. HTML forms and some other kinds of elements are also affected by the "Safe HTML" modifications that are made by Outlook Web Access.
The filtering in Outlook Web Access for Exchange Server 2003 is more rigorous than the filtering in Microsoft Office Outlook 2003. The reason is that the Outlook Web Access browser interface has more security requirements than the Outlook 2003 interface. Even if an e-mail message appears to be unmodified in Outlook 2003, that same e-mail message may be missing content when you view the message in Outlook Web Access.
The "Safe HTML" features in Outlook Web Access for Exchange Server 2003 may sometimes cause one or more of the following:
- The loss of structure of the e-mail message
- The loss of advanced functionality
- The loss of some non-malicious content in e-mail messages or in attachments
However, the "Safe HTML" features help provide a safer e-mailing environment for users.
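The trade-off described above can be seen in a small filter. The following is an added illustration, not Microsoft's code: the tag lists, attribute rules, scheme allowlist, and the names `SafeHtmlFilter` and `safe_html` are assumptions chosen for the example and do not reproduce the actual Outlook Web Access rule set. It removes script and script-capable attributes, and in doing so also removes a harmless survey form.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy for illustration only; not the real Outlook Web Access rules.
DROP_WITH_CONTENT = {"script", "style", "object", "iframe", "applet"}
DROP_TAG_ONLY = {"form", "input", "button", "select", "textarea", "embed", "meta", "link", "base"}
URL_ATTRS = {"href", "src", "action", "background"}
SAFE_SCHEMES = ("http:", "https:", "mailto:", "cid:")
SAMPLE = ('<p onclick="track()">Survey</p><script>alert(1)</script><form action="/s">'
          '<input name="q">Vote</form><a href="javascript:run()">open</a>')  # constructed message

class SafeHtmlFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.removed, self.skip_depth = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:            # drop the element and all it contains
            self.skip_depth += 1
            self.removed.append(f"<{tag}>")
        elif not self.skip_depth and tag in DROP_TAG_ONLY:   # drop tag, keep inner text
            self.removed.append(f"<{tag}>")
        elif not self.skip_depth:
            self.out.append(f"<{tag}{self.clean_attrs(tag, attrs)}>")

    def clean_attrs(self, tag, attrs):
        kept = []
        for name, value in attrs:
            ok = "".join((value or "").split()).lower().startswith(SAFE_SCHEMES)
            if name.startswith("on") or name == "style" or (name in URL_ATTRS and not ok):
                self.removed.append(f"{tag}@{name}")   # can run or reference script
            else:
                kept.append(f' {name}="{escape(value or "")}"')
        return "".join(kept)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag not in DROP_TAG_ONLY:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append("" if self.skip_depth else escape(data))

def safe_html(message):
    parser = SafeHtmlFilter()
    parser.feed(message)
    parser.close()
    return "".join(parser.out), parser.removed
```

Calling `safe_html(SAMPLE)` returns the filtered markup and a list of what was stripped; the form and its input field appear in that list alongside the script, which is the loss of non-malicious content that the list above describes.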
If you must share non-malicious content that is removed by Exchange Server 2003, there are some methods that you can use to work around this issue. For example, you can use the following method:
- Post the file attachment to a secure network share to which the recipients have access. Or, grant the recipients the required access to the network share to which you post the file. In the e-mail message, you can include a link to the network share and to the file.