Hi,
Is there any way to ignore HTML tags and commands in tickets opened, due to html tags and commands taken by osticket?
Enable Rich Text: have been disabled

    mrck123

    That’s what plain text does. It doesn’t render any HTML tags (ie. ignores them). If you mean completely remove them then no, that’s not possible.

    Cheers.

      so if I am not able to remove them will I not be vulnerable to HTML injection?

        The system doesn't execute the HTML it tries to sanitize and store it in the database.
        When you click on a ticket it tries to display it to you.
        Again your browser isn't processing it because its just text.

        Can you still fall victim to a bad payload? sure.
        But you would have to go to the bad (payload) site in the link.

        Write a Reply...