Hi Support, is it possible to enable input validation/input sanitization or disable inline scripting to avoid code injection in text fields (such as issue summary/description) while someone is creating a ticket, without disabling HTML formatting?
abeermuh
That’s already in place. We have HTML balancing, HTML filtering, and HTML sanitization using htmLawed.
Cheers.
Hi Kevin,
How can we use or enable them to avoid code injection? Could you please walk me through the steps?
They are enabled by default. There are no settings that you need to change.
It does not seem to be the case as during our VA assessment, code injection was found to be active.
You can submit any security reports to the email listed here:
However, it was found to be activated after disabling rich text, but disabling rich text is impacting the tickets' text formatting. Is there any other way to enable HTML sanitization?