New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
block js attachments #1830
Comments
+1
How about .app.zip too? (that's what you get if you drag an .app to
Mail.app to send)
Probably a few other mac types we'd want to prevent. Perhaps .dmg and .pkg?
…On Thu, Feb 16, 2017 at 8:34 PM, Matt Simerson ***@***.***> wrote:
I'm thinking we should also add .js to our list of default attachment
types that we block.
- Gmail will block .js file attachments starting February 13, 2017
<https://gsuiteupdates.googleblog.com/2017/01/gmail-will-restrict-js-file-attachments.html>
https://t.co/tIy1KPgVHb
- Some file types are blocked
<https://support.google.com/mail/answer/6590>
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#1830>, or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAobY3rDAm0FMNdvGb3JdFGByzRI37UTks5rdPkPgaJpZM4MDxFe>
.
|
|
I'm wondering whether this is a reasonable default when Gatekeeper is doing a pretty good job at preventing that vector on macOS. I just searched my own email and the only legit example I could find was a .app I received from Apple support in 2014, for debugging an issue with a 4k display. Most legit app distributions are via HTTP nowadays. I wonder that the use cases are for sending those file types? |
I'm thinking we should also add
.js
to our list of default attachment types that we block.https://t.co/tIy1KPgVHb
The text was updated successfully, but these errors were encountered: