Further Security-Relevant Information

Computer Viruses and Cross-Site Scripting

TREX does not check original documents for viruses and possible cross-site scripting. Cross-site scripting involves taking advantage of security gaps that appear due to the use of script languages in HTML pages. An example of cross-site scripting is thee transfer of parameters to the CGI scrip of a Web site, causing the Web site to send false data to users.

TREX processes the document content in the existing file format but saves the indexed documents in a different format. TREX converts the document content into UTF-8 coded HTML and stores it in this format for later use (for example, displaying document content with highlighted search terms). The script codes contained are not indexed or stored in any format. The conversion to HTML ensures that no viruses (such as macro viruses) or script codes remain in the document stored by TREX.

However, the conversion to HTML is only successful for documents that are not written in HTML. HTML documents are not converted; they are reconstructed in full along with any contained script codes when the documents are depicted.