| |||||||||||
 |
 |
| | LinkBack | Thread Tools | Search this Thread | Display Modes |
(#1)
  |
| Member  Posts: 568 Join Date: Dec 2005 Location: Sitting |  Security Threat in 3.30 STABLE - HTML in ticket preview -
14-08-2008, 02:53 PM
Well, I thought this was fixed!!!! HTML is still showing in the ticket preview!
|
| |  |
|
(#2)
|
| Chief Operating Officer  Posts: 905 Join Date: May 2005 Location: Boise, Idaho USA |
14-08-2008, 04:47 PM
The HTML rendered in the ticket preview is subject to the "Settings >> Tickets >> HTML Conversion (Rendering and Staff Alerts)" setting. Keep in mind that there is also a setting that allows certain HTML tags to pass, even if it is set to "Strip Tags." That setting is "Settings >> Mail Parser >> Valid HTML Tags"
------------------------------------------------------------------- |
| | |
|
(#3)
|
| Member Posts: 568 Join Date: Dec 2005 Location: Sitting |
14-08-2008, 04:54 PM
I thought the intent here, like tickets, was to remove HTML. Attached please find my Settings...Tickets HTML conversion settings (both set to strip tags). Below find my HTML conversion from Settings...Mail Parser. Valid HTML tags are: Code: <a><b><i><u><font><hr><strong> |
| | |
|
(#4)
|
| Chief Operating Officer Posts: 905 Join Date: May 2005 Location: Boise, Idaho USA |
14-08-2008, 05:14 PM
Not sure Neal. The contents of that preview are sent through the stripHTMLTags() function, which is supposed to remove all HTML tags except for ones explicitly allowed. If you can send me the HTML contents of that message, I will try to reproduce here. ------------------------------------------------------------------- |
| | |
|
(#5)
|
| Member Posts: 568 Join Date: Dec 2005 Location: Sitting |
14-08-2008, 05:20 PM
Ryan, Worse - why is my TICKET showing HTML now? Is that something new? |
| | |
|
(#6)
|
| Member Posts: 568 Join Date: Dec 2005 Location: Sitting |
14-08-2008, 05:23 PM
Here is the tbody section of the ticket in viewing the source
|
| | |
|
(#7)
|
| Chief Operating Officer Posts: 905 Join Date: May 2005 Location: Boise, Idaho USA |
14-08-2008, 05:30 PM
I'm looking at it. It looks like the regular expressions to remove the tags might be missing some of them. I'll keep you posted. ------------------------------------------------------------------- |
| | |
|
(#8)
|
| Member Posts: 568 Join Date: Dec 2005 Location: Sitting |
14-08-2008, 05:36 PM
But why am I showing an HTML e-mail in the ticket now? Wasn't like that before! Are we supposed to be viewing HTML in ticket views now?
|
| | |
|
(#9)
|
| Chief Operating Officer Posts: 905 Join Date: May 2005 Location: Boise, Idaho USA |
14-08-2008, 07:21 PM
Neal, there is a bug in the "allow html tags" setting: if <i> is allowed, it erroneously matches <img>. Please remove <i> from the list and you should not see images any more.
------------------------------------------------------------------- |
| | |
|
(#10)
|
| Member Posts: 568 Join Date: Dec 2005 Location: Sitting |
14-08-2008, 07:28 PM
Ryan, Please answer this question! Why is my ticket view now showing HTML? It has NEVER done this before! |
| | |
|
(#11)
|
| Chief Operating Officer Posts: 905 Join Date: May 2005 Location: Boise, Idaho USA |
14-08-2008, 07:33 PM
I just did answer it: 1. The "allow html tags" setting was non functional before this build - that is why you never saw bold, italics, etc. 2. The <i> allowed tag erroneously matches <img> and <input>. We are working on a fix now. ------------------------------------------------------------------- |
| | |
|
(#12)
|
| Member Posts: 568 Join Date: Dec 2005 Location: Sitting |
14-08-2008, 07:39 PM
Okay, I thought we were talking about the ticket "preview" vs. the actual ticket view itself. Two separate issues. I will remove <i> from the list but that doesn't explain to me why I'm viewing an HTML e-mail in the actual ticket, NOT the ticket preview.
|
| | |
|
(#13)
|
| Chief Operating Officer Posts: 905 Join Date: May 2005 Location: Boise, Idaho USA |
14-08-2008, 07:43 PM
You're not actually viewing a complete HTML e-mail, you're viewing the *allowed* HTML such as bold, italics, etc. The rest is stripped out. The reason you're confused is that the "allowed tags" setting had no effect in previous versions, so the bold, etc were always stripped. ------------------------------------------------------------------- |
| | |
|
(#14)
|
| Member Posts: 568 Join Date: Dec 2005 Location: Sitting |
14-08-2008, 08:12 PM
FYI - I'm also getting HTML e-mail notifications, good or bad (alerts). Nothing wrong with it, just letting you know that seems to be new too.
|
| | |
|
(#15)
|
| Chief Operating Officer Posts: 905 Join Date: May 2005 Location: Boise, Idaho USA |
14-08-2008, 08:28 PM
Try turning off the allowed tags. You shouldn't get ANY HTML under those circumstances.
------------------------------------------------------------------- |
| | |
|
| Tags |
| 330, html, preview, stable, threat, ticket |
| Thread Tools | Search this Thread |
| Display Modes | |
| |
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| 3.30.02 STABLE Released | Ryan Lederman | News and Announcements | 0 | 13-08-2008 09:47 PM |
| Ticket hover preview STILL showing HTML | NC Software | SupportSuite, eSupport and LiveResponse | 9 | 15-05-2008 02:08 PM |
| Hover ticket preview a potential security threat | NC Software | SupportSuite, eSupport and LiveResponse | 26 | 17-04-2008 10:25 PM |
| New Build: 3.10.02 STABLE | Ryan Lederman | News and Announcements | 0 | 05-03-2007 08:53 PM |
Linear Mode
