Message Body property will filter unsafe HTML by default

We are making a change in what is returned by default in the Message Body property.

By default, we will strip any potentially unsafe HTML content from the Body of the Message or Post entity if the ContentType is HTML.

Here is an example of potentially unsafe HTML in a message body, followed by the same body after filtering.

Unfiltered HTML body

  "Body": {
    "ContentType": "HTML",
    "Content": "<html><body><b>Bold</b><script>alert('Alert!');</script></body></html>"
  }

Filtered HTML body

  "Body": {
    "ContentType": "HTML",
    "Content": "<html><body><b>Bold</b></body></html>"
  }

If you require the unfiltered content, you can continue to get it by sending the following HTTP request header.

  Prefer: outlook.allow-unsafe-html

By default, if the Prefer header is not present, the API will return filtered HTML. The API will only return the unfiltered (and potentially unsafe) HTML if the header is present and set to outlook.allow-unsafe-html.

This change is being rolled out in our production service and will be widely deployed over the next few weeks.
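An added example (not code from the original post or from the Outlook API team): a Python check a client can run on a returned Body before rendering it, reporting whether the content is clean and whether any active content was explicitly requested through the Prefer header. The tag and attribute lists, the function names and the verdict strings are assumptions of this example; the post does not enumerate what the service filter removes.

```python
from html.parser import HTMLParser

PREFER_UNSAFE = "outlook.allow-unsafe-html"  # header value from the post
# Assumption: this example's own notion of "active content". The post does not
# list what the service-side filter strips beyond the <script> example.
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction"}


class ActiveContentFinder(HTMLParser):
    """Records elements and attributes that can execute when rendered."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            # Drop whitespace and control characters before matching the scheme.
            scheme = "".join(c for c in (value or "").lower() if c > " ")
            if name.startswith("on"):
                self.findings.append(f"{name} attribute on <{tag}>")
            elif name in URL_ATTRS and scheme.startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} on <{tag}>")


def request_headers(allow_unsafe=False):
    """Headers for a message request; unfiltered HTML is an explicit opt-in."""
    prefer = {"Prefer": PREFER_UNSAFE} if allow_unsafe else {}
    return {"Accept": "application/json", **prefer}


def check_body(body, headers):
    """Return (verdict, findings) for a Body object from a Message or Post."""
    if body.get("ContentType", "").upper() != "HTML":
        return "not-html", []
    finder = ActiveContentFinder()
    finder.feed(body.get("Content", ""))
    finder.close()
    if not finder.findings:
        return "clean", []
    # Active content without the opt-in means the filter was not applied.
    opted_in = headers.get("Prefer") == PREFER_UNSAFE
    return ("unsafe-requested" if opted_in else "unsafe-unexpected"), finder.findings

# The two Body objects shown in the post.
UNFILTERED = {"ContentType": "HTML", "Content": "<html><body><b>Bold</b><script>alert('Alert!');</script></body></html>"}
FILTERED = {"ContentType": "HTML", "Content": "<html><body><b>Bold</b></body></html>"}
```

A body with the verdict `unsafe-requested` or `unsafe-unexpected` should be sanitized or shown as text rather than placed directly into a web view.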

If you have any questions, please reach out to us on Stack Overflow using the outlook-restapi tag.

Comments

  • Anonymous
    September 03, 2015
    Any plan to expose tasks through the new unified REST API?

  • Anonymous
    September 04, 2015
    Hi Jeremy, are you asking about Outlook tasks?

  • Anonymous
    September 04, 2015
    Yes ;-)

  • Anonymous
    September 05, 2015
    Yes I'm asking about Outlook tasks ;-)

  • Anonymous
    September 11, 2015
    Hi Jeremy, it is in our roadmap but no specific timeline that I can share as of yet.

  • Anonymous
    December 03, 2015
    The comment has been removed

  • Anonymous
    June 22, 2016
    Hi Jason, is there a way to request a plain text content for Body? In EWS there is a property for it, in addition to the html version. I see, Matt has already asked a similar question. -A

  • Anonymous
    August 13, 2017
    Will this be auto update or could I get a download?