When Im posting a text like this: <code>telnet <hostname> <port></code> then the manually escaped characters and contained words disappear.
HTML escape issue in knowledgebase
We do HTML Balancing/Sanitization so things like <code> blocks will be removed. We do this to help prevent XSS and other similar attacks.
The best way to add code to replies is by using the HTML special characters for each special character within the "HTML" option (ie. the <> button) of the text editor (eg. <code>telnet &lt;hostname&gt; &lt;port&gt;</code>). If the content you added is still stripped after using HTML special characters then it's simply not allowed via the HTMLawed configurations. You can always modify the code to your liking however you'd be proceeding at your own risk and will likely open yourself up to attacks like XSS, etc.
Cheers.
I was using the HTML option to be able to use the code tag. In your answer it was escaped twice now.
If it would be Markdown I just want to write telnet <hostname> <port>. Is this possible in the KB?
lol, this forum supports Markdown :-) Would be also nice in the Knowledgebase.
- Edited
- Best Answerset by gergap
I was using the HTML option to be able to use the code tag.
Ah, I see, then it's simply the < and > characters throwing it off. When you do something like <word> the HTML balancer/sanitizer either sees it as invalid HTML or a non-allowed HTML tag and strips it (and any content between it). You're better off using something like telnet [hostname] [port] instead. With this being said, we do have "code block" support on our Feature Request list. This feature in theory would not strip any code within code blocks; meaning treating it as plain-text.
We've never supported markdown in osTicket; only plain-text or rich text (HTML). Markdown support is a feature that has already been requested before and is on our internal Feature Request list for possible future development. Doesn't mean it'll ever be implemented just on our Feature Request list for internal discussion/decision.
Cheers.