Since Carerix version 5.0.241 any HTML file you click on in an attachments-tab will not be opened anymore but just downloaded. You can still open the file like you're used to after it's been downloaded, Carerix just won't do it for you automatically anymore.

Security

The reason for this change is that a malicious person can put some unsafe code in an HTML file and clicking on such a file in Carerix would execute the malicious code. This can for example happen when a User wants to quickly check the LinkedIn profile which is located in the attachments as an HTML file. With our solution this won't be possible anymore.

Solution

To prevent this from happening we've opted for a way where a file with the .html extension will be downloaded in the future. This will make sure it won't be executed immediately and any malicious code will not be executed. 

It is still possible in Google Chrome to have to file execute immediately on download.
You can do this as follows.

  • Download an HTML file in Chrome
  • Click on the upwards pointing arrow
  • Now select the options 'Always open files of this type'

____
Keywords: UD-3080 

Did this answer your question?