Skip Navigation
Opening file attachments without executing the code in the file
Answer ID 2202   |   Last Review Date 12/18/2018

How do I open file attachments without executing code that may be included in those files?


File Attachments
Oracle B2C Service, All versions


When working with file attachments, users should be careful when opening files which may contain code that will be executed.

Of particular concern are executable files (.exe) which, when opened, can perform any operation on your system. It is recommended that executable files be deleted from the incident.

The following file types may pose a threat since a malicious user could embed javascript code inside the file that could be used to obtain information contained on the incident page from which the file was opened:

html files (.htm)
javascript files (.js)
behavior files (.htc)
cascading style sheets (.css)
text files (.txt)

When opening files of these types, Internet Explorer will be used to open the file and will execute any javascript contained within the file.

Instead of clicking on the file attachment link for these types of files, it is recommended that the user instead right-click the link and save the file. After the file has been saved it should be examined inside of a text editor such as Notepad.