Skip Navigation
Expand
PHP and Javascript code delivered in the body of the email
Answer ID 9516   |   Last Review Date 01/14/2019

Can Javascript or PHP code be executed in a console if delivered in the body of the email as a part of HTML/CSS formatting?

Environment:

HTML, Email, Oracle B2C Service, All supported versions

Resolution:

PHP can only be executed on a server. Once executed on a server, it produces HTML output that can be viewed on a client side. End user never faces PHP code on a client side as PHP is a server side scripting language. If for some reason PHP code will be added into the body of the email as a part of an HTML/CSS formatting it will be processed as plain text and will not be executed.

Javascript is a client side scripting language and can be executed in the user's browser but only in the case if script execution is allowed. However, due to security reasons script execution is not allowed in all major email clients and as well is not allowed in the product for all incoming emails. Any javascript code that was added into the body of the email as part of an HTML/CSS formatting will be processed as a plain text and will not be executed.

The end result is that Javascript or PHP code cannot be executed in a console if delivered in the body of the email as part of HTML/CSS formatting.

On the other hand, file attachments may contain executable files and pose a threat. For more information about how to open file attachments without executing code, refer to Answer ID 2202: Opening file attachments without executing the code in the file.