Hi all,When you are in the POST REPLY ticket window and you cut and paste a youtube video URL, such as https://www.youtube.com/watch?v=samplevideo, into the Response section, a preview thumbnail of the video shows up and everything looks great.  However, when you click Post Reply, video is stripped out and the customer only receives the text you entered into the ticket.Is this a known issue?Is there any work around other than using the Insert Link feature and just adding a text link to the youtube URL?Mark

Hey,It's not so much of a bug but rather a security measure, if you want to be able to embed your videos, you'll have to add the tag you're using to embed the video into the allowed list of HTML tags.https://github.com/osTicket/osTicket/blob/55dc25ace736baeaf224ee608cfabc0218022036/include/htmLawed.php

Could you provide a bit more guidance, I didnt understand your response.. I'm not trying to do anything out of the ordinary here, im simply pasting a URL in the message body and OST is stripping it out, how could this be for security measures?  its just a youtube link.I dont know what or where the allowed list of HTML tags are and not sure what to do with the .php file you pointed to on Github. Any clarity would be appreciated.

Q: how could this be for security measures?A: Have you heard of cross site scripting attacks?

no, I have not, and I am sure they are a major security issues.  But I cut and paste youtube URLs into emails at least 10 times per day to many business colleagues and there is no security concerns.  So when I paste a URL in OST why can't it just pass the URL to the customer.  I don't want to embed the videos, I just want to be able to Ctrl-V the URL into the ticket and hit send.. but for some reason when I do paste the URL into the ticket, OST creates a preview of the video.  AND then it removes that video when I sent it to customer.  So why the heck is OST even doing this.  why not just keep it as a URL so it can send without issue?.. The only work around is to use the Insert Link option which is really the exact same thing.. .What am I missing here?

I'll admit i didn't even know that the redactor plugin converted youtube/vimeo links to the embed format.But i have now tested it in our setup and it works both when creating the ticket and when replying to it.As a side note tho, chrome decides to block the webpage redirect when i posted from agent panel as, just as ntozier said it noticed cross site scripting behaviour.Do you have a clean installation of osTicket? what versions are you running (php, webserver and database)?Is there any text pasted from an office application in the text, such as word or outlook?

19 days later

The pasted in youtube links which are converted to embedded format by the redactor plugin look to work ok for new tickets and replying to tickets from the webpage.What I have noticed, and perhaps what helpdeskguy is asking about, is that the email received by the user does not include the iframe or any embed code html so they just receive an email empty if there is no other text.I found another website has 2 components of its embed code when you copy it, one is the iframe and the other a simple text link to the url. This way it gives a fall back to something that will be able to be viewed by email.If someone could confirm the iframe will never make it into email that would be appreciated. Also if there are any suggested code changes to allow this, I'd be happy to try a few things.

2 years later

Hope that this is solved. I'm recording answers as youtube videos and sending it to customers. In the portal it looks ok, but the customers are not getting it.
This is a bug not a security. There is no point to have it embended in the portal and the user is not getting it?

This thread is from 2017.

If you are having a problem then i would recommend that you start by reading and following the posting guidelines located in this thread: Please read before requesting assistance. The more information you give us the better we will be able to assist you. Thank you.

Killing zombie thread with a head shot.

Write a Reply...