No more JavaScript as email attachments as gmail blocks it.

As of earlier this week, anyone who tries to send a .js (JavaScript) file attachment via Gmail will be out of luck, as they’re now on Google’s list of restricted file types for attachments.

That means that GMail users can’t send or receive emails with .js file attachments. Anyone sending a .js file to a GMail user will find their email bouncing back to them with an explanation of why it wasn’t delivered.

JavaScript joins an ever-growing list of file types, including .exe and .bat files, that Gmail won’t allow.

This is very good news for us, but this change might prove to be a minor annoyance to a few website or JavaScript developers.

If you try to send an email with a .js attachment, Gmail will give you an error message letting you know that your file type isn’t allowed and was “blocked for security reasons”. As an alternative, Google will suggest using outside storage, like Google Drive or Dropbox, and linking to the file from within the email. (There’s no getting around this by zipping up your file either, as Google will take a look inside the compressed file to check.)

Last year we saw a noticeable rise in malicious JavaScript email attachments but now it seems that users might finally be getting wise to the threat of malicious Microsoft Office files.

Attackers are well aware many Windows user’s computers are configured to run them by default using Windows, Windows Script Host (WSH), granting the malicious script a lot of the same run privileges as an executable, hence they switched to using JavaScript files.

For Windows users, it is recommend changing the Windows default behavior to open JavaScript files (.js, .jse) with Notepad, and not WSH.

It is strongly recommend enabling the view of file extensions (so often hidden by default!) so you can see exactly what kind of file type you’re dealing with, mitigating the risk of running a malicious file by accident, regardless of the operating system you run.

Share This: