You can no longer send JavaScript Files over Gmail starting now
You may already have found this out! If you try to add a JavaScript file as an attachment via Gmail, you will receive a notification that the attachment is blocked. While Google had announced that it was going to block JavaScript attachments a few weeks back, it has been enforced only now.
The move has been triggered by due to the fact that malware has been found hiding in JavaScript in recent years, with the situation escalating over the past few months.
Now, if you try to send a JavaScript attachment using Gmail or if you want to download such an attachment from an older email, you’ll get a new warning saying “Blocked for security reasons.” Alternatively, you’ll also find the message “1 attachment contains a virus or blocked file. Downloading this attachment is disabled.”
Google has been blocking such file types as .exe, .jar, or .pif, to name a few ,since a long time back for security reasons but JavaSript had so far been allowed. Now the head honchos in Google security team have decided that JavaScript was also being used by cyber criminals to spread malware and decided to block it.
“To prevent against potential viruses, Gmail doesn’t allow you to attach certain types of files, including: certain file types (listed above), including their compressed form (like .gz or .bz2 files) or when found within archives (like .zip or .tgz files), documents with malicious macros, archives whose listed file content is password protected, archives whose content includes a password protected archive,” reads Google’s blog post about the situation.
There are some workarounds Google set in place if you really, really want to send a JavaScript attachment, namely by attaching it via Google Drive, Google Cloud Storage, or any other storage solution. That’s mainly because once you upload a file to a cloud service such as Google Drive, it automatically gets screened for viruses and malware, which works even if the file has been archived in a .zip or .rar, for instance.
Then, when you’re sending people the download link, they know it’s supposed to be safe because it’s already been scanned and their risk levels are lower.