Hello Team,

Issue: If the email content has data within angular brackets <>, it is getting completely stripped.

I see below bugs raised for the same.
https://github.com/osTicket/osTicket/issues/4240

My query is: if I disable decoding as pointed out here to fix this issue,
how serious is the issue of XSS for email-based content? Usually email clients are good at handling this.

  • KevinTheJedi replied to this.
  • kirandev92

    You can do as you please, but you will do so at your own risk. Those safeguards are in place for a reason. If you only accept email, it will be less of an issue; however, you never know what hacks people can come up with. It’s best to leave it enabled, but again, you can do what you want. Proceed at your own risk.

    Cheers.
