Gmail will start blocking JavaScript attachments in February

Starting on February 13, Google will block any mail attachments with a .js extension sent via Gmail. JavaScript files will join a long list of file types banned from the service, but users can still share them through Google Drive if they need to.

The security update responds to increasing concerns over the solidness of JavaScript regarding platform safety.

Hackers have started to use this kind of files to send malware and other potentially dangerous software hidden beneath it.

Google’s campaign for a better, safer user experience online continues with the enhancement of Gmail’s defense walls, while in other fronts it fights against bad ads and scammers across the World Wide Web.

Hackers like to use JavaScript files to hide malware

Once you try to attach a .js file to a Gmail message, the email platform will immediately show a message in bold red letters on the lower tab saying the attachment was “blocked for security reasons!”

The full error message reads “THIS MESSAGE WAS BLOCKED BECAUSE ITS CONTENT PRESENTS A POTENTIAL SECURITY ISSUE,” and it displays along with a Help link that explains more in detail why the system is not allowing the sending of the file.

Gmail will restrict js file attachments
Gmail will restrict js file attachments. Image: Google.

In JavaScript’s case, the reason is simple: It has become just too dangerous for its right, or at least enough to be a persistent issue noticeable by Google engineers and consumers alike.

Hackers may use .js files as malicious attachments containing hidden malware that infiltrates user computers or email inboxes in search of valuable personal information.

Over 30 other file types are banned from Gmail

When you click on the help link provided by Gmail when you try to attach prohibited file type, you can read a full rundown of the platform’s safety policies regarding restricted extensions.

The system filters certain types of documents and attachments to protect users from potential viruses and other harmful software that may be lying underneath seemingly inoffensive messages.

Gmail’s blacklist includes .ade, .adp, .bat, .chm, .cdm, .com, .cpl, .exe, .hta, .ins, .isp, .jar, .jse, .lib, .lnk, .mde, .msc, .msp, .mst, .pif, .scr, .sct, .shb, .sys, .vb, .vbe, .vbs, .vxd, .wsc, .wsf, .wsh, and now .js files.

Compressed files in .zip formats that contain any of these extensions within them will also be detected and stopped before sending. If a password protects them, you cannot send them either.

How can you send JavaScript files then? 

There is a way around this, though, as Google itself proposes you can share JavaScript files and other documents in Google Drive or host them in Google Cloud Storage if it is necessary.

Source: Google


  1. First off I would like to say great blog! I had a quick question which
    I’d like to ask if you do not mind. I was curious to know how you
    center yourself and clear your head before writing.
    I’ve had trouble clearing my mind in getting my thoughts out.
    I truly do enjoy writing however it just seems like the first 10 to 15 minutes are generally
    lost just trying to figure out how to begin. Any ideas or hints?