On December 23, 2004 at 11:08, Jeff Breidenbach wrote:

> Good catch. I'm seeing this as well, although (after checking
> out about 10 messages) it seems like this problem only occurs in
> HTML mail.

It happens because of the script filtering of HTML data. IE supports the non-standard(?) 'expression' operator in CSS styles, which allows script style instruction execution. Therefore, it can be used for XSS-based attacks. To keep things simple and to avoid complicated HTML and CSS parsing, any occurrence of "expression" is changed to "_expression_" to disable it if it occurs in a CSS style. The same applies to the string "javascript".

--ewh
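
Added example (not part of the original message and not the project's own code): a sketch of the keyword substitution described above, applied to a whole HTML body without parsing, next to a variant that limits the rewrite to `style` attributes and `<style>` blocks. The function names, the `_javascript_` replacement form, the regexes and the sample markup are assumptions made for illustration.

```python
import re

# Keywords named in the message. The "_javascript_" form is an assumption,
# mirroring the "_expression_" replacement the message gives.
KEYWORDS = re.compile(r"(expression|javascript)", re.IGNORECASE)

# Regex approximation of "CSS style" contexts (assumed, not a real parser):
# quoted style="..." attributes and <style>...</style> blocks.
STYLE_ATTR = re.compile(r"""(\bstyle\s*=\s*)("[^"]*"|'[^']*')""", re.IGNORECASE)
STYLE_ELEM = re.compile(r"(<style\b[^>]*>)(.*?)(</style\s*>)",
                        re.IGNORECASE | re.DOTALL)


def neutralize(text):
    """Wrap each keyword in underscores so it is no longer a usable token."""
    return KEYWORDS.sub(r"_\1_", text)


def filter_blanket(html):
    """No parsing at all: rewrite every occurrence anywhere in the HTML."""
    return neutralize(html)


def filter_style_only(html):
    """Rewrite keywords only inside style attributes and <style> blocks."""
    html = STYLE_ATTR.sub(lambda m: m.group(1) + neutralize(m.group(2)), html)
    return STYLE_ELEM.sub(
        lambda m: m.group(1) + neutralize(m.group(2)) + m.group(3), html)


# Constructed sample: one CSS expression() plus ordinary prose that happens
# to contain both keywords.
SAMPLE = (
    '<p style="width: expression(document.body.clientWidth)">'
    'A regular expression matches text; javascript is a language.</p>'
)

if __name__ == "__main__":
    print("blanket:   ", filter_blanket(SAMPLE))
    print("style-only:", filter_style_only(SAMPLE))
```

The blanket form disables the CSS `expression()` but also rewrites the visible sentence; the style-only form leaves the prose intact at the cost of having to recognise style contexts.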