Skip navigation

Helping Users Work with OWA’s HTML Restrictions

Some of my company's employees use an application that sends messages that contain complex HTML, including scripts. These messages don't always display or behave properly in Outlook Web Access (OWA). How can I help users work around this problem?

OWA 2003 filters some HTML tags and constructs. This behavior is deliberate: Any scripts or ActiveX objects that display in an OWA message body will execute in the user's security context within OWA. That means, for example, that a malicious script can steal information about other messages or otherwise leak or damage information. To prevent this type of problem, OWA restricts the display and processing of scripts, embedded objects, and the HTML tags that control them.

If the content that your application produces is important, you can tell users to access it through another method. Better yet, make the application output the complex HTML to a file on its Web server, then send a message that contains only a link to that file. That way, users can see the link in OWA and open it in a browser when necessary.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.