Email Security - Parse email body for malicious content

33 views
Skip to first unread message

Alan Wells

unread,
Jun 20, 2019, 10:19:58 AM6/20/19
to Google Apps Script Community
Will getting the email body as plain text insure that there is nothing malicious left in it?  Or should the body content be parsed for something more?

var emailBody = thread.getPlainBody();//Get the email body as plain text

I'm creating a simple web app to view any emails that I don't want to click on to open.  Unfortunately, I might sometimes not know if an email is from a legitimate contact, or spam, or otherwise.  So, the web app will get the email body as plain text and show it in the web app.  That way I can read the email without opening it, or even clicking on it in any way.  Not even to click the check box.  Then the web app can move it to spam.
GmailApp.moveThreadToSpam(thread);
I know that one pixel transparent images can be put into emails, but not sure about anything else.

Clark Lind

unread,
Jun 21, 2019, 8:26:31 AM6/21/19
to Google Apps Script Community
I'm thinking that should be safe enough. If you truly want to be paranoid, you could split the string and just display the two parts concatenated.

Alan Wells

unread,
Jun 21, 2019, 2:49:23 PM6/21/19
to Google Apps Script Community
Emojis don't get taken out of plain text.  I have no idea whether they would be a security risk, but I found a way to strip them out. 
Reply all
Reply to author
Forward
0 new messages