Google has announced that it will ban users of its Gmail service from sending or receiving attachments containing JavaScript from February.
The move, which will come into force on 13 February, is the latest in a long line of attempts to out-manoeuvre hackers and other ne'er-do-wells using attachments in phishing attacks and other sorts of spam.
Experts report: "Gmail currently restricts certain file attachments (e.g. .exe, .msc, and .bat) for security reasons, and starting on February 13, 2017, we will not allow .js file attachments as well. Similar to other restricted file attachments, you will not be able to attach a .js file and an in-product warning will appear, explaining the reason why. If you still need to send .js files for legitimate reasons, you can use Google Drive, Google Cloud Storage, or other storage solutions to share or send your files."
JavaScript can be used to patch systems with all kinds of nasties and represents a logical next step for Google, which more than ever has to be seen as a safe environment for enterprises who want to ditch Windows.
The full list of file extensions not sendable via Gmail includes: .ADE, .ADP, .BAT, .CHM, .CMD, .COM, .CPL, .EXE, .HTA, .INS, .ISP, .JAR, .JSE, .LIB, .LNK, .MDE, .MSC, .MSP, .MST, .PIF, .SCR, .SCT, .SHB, .SYS, .VB, .VBE, .VBS, .VXD, .WSC, .WSF, .WSH - including compressed versions and files with the extensions within a .ZIP or .RAR archive.
Gmail also blocks password protected files and archives as these, too, can be used to send malicious payloads. In reality, however, the age of instant messaging, cloud storage and collaboration features means that there isn't really any need for sending attachments by mail in the first place, and given that even with legitimate intent, they create multiple copies which clog up servers, businesses still operating this way need to rethink their approach anyway.
JavaScript has loads of applications in mischief-making like this recent Hamburglar attack on McDonald's. Of course, JavaScript has a gazillion and one legitimate uses, with a recent survey showing that the average Stack Overflow user is a JavaScript programmer, who likes Star Wars.
