HTML Policy Settings
[Policy] > [Basic Decontamination Policy] > [HTML] Settings
The HTML tab provides settings to remove threat elements such as scripts and links included within web-based files or HTML content.
By handling dynamically executable elements statically, it blocks user execution-based security threats.
⚠️ The permission to set the basic de-identification policy is granted to [Administrator Type - System Administrator], and
Administrator permission settings can be configured in [Administrator Settings] > [Account and Permission Management].
Detailed Description of Settings Items
| Policy Name | Description |
|---|---|
| HTML Script Removal Settings | Sets whether to remove script code included in the HTML document. A script is code that automatically executes when an HTML document is viewed and can trigger malicious actions. |
| HTML Web Beacon Removal Settings | Set whether to remove web beacon elements for tracking user behavior within the HTML document. Web beacons are implemented using img, iframe, etc., and can pose security threats by tracking user behavior or linking to malicious sites. |
| Remove HTML Hyperlink Settings | Sets whether to remove hyperlinks included in the HTML document. Hyperlinks can lead to malicious sites or pose security threats through external connections. |
Input Rules and Precautions
- HTML scripts in a way that cannot be detected by the decontamination systemcan cause malicious behaviorIt is generally recommended to configure the removal settings.
- Web beacons are used for collecting user information andBehavior TrackingSince it is used as a tool for attacking purposes,Remove when bringing in internal company documentsis recommended.
- Hyperlinks can lead to malicious external sites or phishing paths, posing security risks.Removal is recommended..
Notes
| Terminology | Definition | Security Threats and Policy Considerations | example |
|---|---|---|---|
| HTML Script | <script>written inside the tagJavaScript codeAn element that gives functionality to a web page | When viewing an HTML documentAutomatic Execution Attack, Download, Popup Inductionand may include malicious activities | Connect to external server and create ad window as soon as the document opens. |
| Web Beacon (Web Beacon) | <img>, <iframe>, <object>using, etc.Sending user viewing information to the serverTracking Tools | Sending personal information such as user location, IP, and viewing time to the serverBehavior Tracking and Information Leakagepossible | Viewing tracking with a transparent 1-pixel image |
| hyperlink | <a href="...">Connecting to external resources such as websites, emails, and files using tags | to malicious sites or phishing pagesInducing AccessPossible. It is possible to induce access to the attack page with just a document click. | Clicking "Participate in Event" redirects to a malicious site. |
- The above settings are
.htmlIt only applies to HTML-based files like this. - Changes can be tracked and restored through the [Policy Change History].