Gmail will block JavaScript file attachments starting next month

[Jos]

Google will soon begin blocking Javascript attachments in Gmail in an effort to protect users form malicious attacks. The ban will take effect beginning February 13 and expands upon the service’s existing list of restricted file attachments, which also includes .exe, .msc and .bat archives. 

Similar to how it handles other restricted attachments, if you try to attach a .js file to an email on or after the 13th, you'll get a notification that says it's blocked "because its content presents a potential security issue." The service will detect .js files even if they're sent in compressed form as a .zip, for example.

If you still need to send .js files for legitimate reasons, Google suggests you use Google Drive, Google Cloud Storage, or other storage solutions to share or send your files

JavaScript is a common language used when developing web applications, and while .js files are not inherently bad, you shouldn’t open them if sent from an unknown source since hackers can use them to gain access to a user’s PC and install downloaders for a ransomware or other types of malware.

It’s unclear Google will also show a warning when users receive emails with JS files attached.

Permalink to story.

https://www.techspot.com/news/67919-gmail-block-javascript-file-attachments-starting-next-month.html

 

[DelJo63]

Ditch HTML formatting and make'm read plain text - - it's just raw data and no processing is required

 

[Fabio Turati]

Ditch HTML formatting and make'm read plain text - - it's just raw data and no processing is required

Why don't we just go back to the stone age? 10.000 years ago there were no Javascript exploits, believe me!

 

[DelJo63]

Why don't we just go back to the stone age? 10.000 years ago there were no Javascript exploits, believe me!

RTF has sufficient formatting controls w/o subjecting the user to script injects, et all.
Btw: I was using Email, FTP, and Gopher long before you ever saw the World Wide Web.

 

[cliffordcooley]

The service will detect .js files even if they're sent in compressed form as a .zip, for example.

That's going too far. So instead of teaching people or allowing them to learn the hard way, they prevent people from easily sharing content. Good move Google, I'm so glad I don't use your service. I can understand blocking the bare js file. But if someone stupidly opens an archive and runs damaging script, why punish everyone for their stupidity?

 

[DelJo63]

That's going too far. So instead of teaching people or allowing them to learn the hard way, they prevent people from easily sharing content.

Just how many NEED to share JS content??? one in one thousand (maybe) and today, iCloud, Dropbox and even archaic FTP are better choices w/o risks to any email recipient.

Forget barn doors; when every other board on the barn is missing, you can't even play hide-n-seek. Systems today are like a colander and everything just pours through.

 

[cliffordcooley]

Just how many NEED to share JS content???

Probably about the same number as those who shoot each other. But yet taking away the method of doing so, does not fix the underlined problem. Nor is it fair to those who use it wisely.

 

[DelJo63]

Nor is it fair to those who use it wisely.

Unfortunately that's the hackers; Joe & Mary Smith wouldn't even know how