Script in ticket being parsed out

Hi Guys

Using osTicket v1.9.14-16

When trying to paste a script into the web ticket creation from the client side I'm getting a situation where the script is getting parsed and the end result is a ticket with an incomplete script.

Sample Ticket Creation

http://imgur.com/gallery/HrdTh

It seems to be breaking/parsing out the "<" in the first IF statement

Can someone help me figure out why it is getting parsed out?

Thanks


Comments

  • I would presume that it's being parsed out because allowing code to be injected would be a pretty big security risk.

    You could try sanitizing it by changing <> to the HTML character entities: the "and" symbol followed by lt; etc.
  • As an afterthought, if that wasn't clear, see this:
    http://www.w3schools.com/html/html_entities.asp
    It should clear up what I mean.
  • edited November 2016
    Thanks ntozier

    What I've found is that it is parsing out anything that proceeds a "less than" symbol

    Test < Test

    So the above text when posted to osticket will look like this below in the resulting ticket

    Test

    I tried using lt; and ampersand but it still gets parsed.

    I'd like to know if anyone can point me to the file that contains the code that does the preg_replace of the < symbol.
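
An added example, not osTicket's code and not written by anyone in this thread, contrasting tag stripping on input with entity encoding on output. `naive_strip()` and `encode_for_html()` are hypothetical names, `naive_strip()` only models the symptom reported above, and the sample script is constructed.

```php
<?php
// Constructed sample: a script a customer might paste into a ticket body.
$script = <<<'TXT'
if ($count < 10 && $name != "") {
    echo "<b>low</b>";
}
TXT;

// Hypothetical stand-in for an input filter that treats "<" as the start of a
// tag and drops everything up to the next ">" (or to the end of the text when
// no ">" follows). It is NOT osTicket's code; it only reproduces the symptom.
function naive_strip(string $text): string
{
    return preg_replace('/<[^>]*(>|$)/', '', $text);
}

// Output encoding: keep the submitted text unchanged in storage and encode it
// only at the point where it is written into an HTML page, so the browser
// displays "<" instead of interpreting it as markup.
function encode_for_html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$stripped = naive_strip($script);
$encoded  = encode_for_html($script);

echo "--- stripped on input (lossy) ---\n", $stripped, "\n";
echo "--- encoded on output (lossless) ---\n", $encoded, "\n";

// Stripping is destructive: the removed text cannot be recovered afterwards.
echo "stripped copy equals original: ";
var_dump($stripped === $script);

// The encoded copy carries no raw markup or quote characters into the page.
echo "encoded copy free of raw <, >, quotes: ";
var_dump(strpbrk($encoded, "<>\"'") === false);

// Decoding the entities returns the original script byte for byte.
echo "encoded copy round-trips: ";
var_dump(htmlspecialchars_decode($encoded, ENT_QUOTES) === $script);
```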

