The script included in the ticket text area is not visible

  1. We are submitting a Freshdesk app to the Marketplace. Freshdesk QA is raising the bug as "The script included in the ticket text area is not visible".

Please find the error:
Enter the script “Script” alert(“nshh”);"/Script" tag form in the disposition text area - create a ticket - Observe
Actual Result:
The script is missing in the ticket description
Expected Result:
The script should be visible

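We are passing the request as:
Ex:

// Request options for the note-creation call ("options" is a placeholder variable name)
const options = {
  "url": "https://xxxx/tickets/2112/notes",
  "method": "POST",
  "headers": {
    "Authorization": "Basic XXXXXXXXXXX",
    "Content-Type": "application/json"
  },
  // Note body: HTML followed by the script tag under test
  "data": JSON.stringify({"body":"<b>hi</b>:<script>alert(data)</script>","private":true}),
};

Response: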

{
    "body": "<b>hi</b>:",
    "body_text": "hi:",
    "id": 26070212645,
    "incoming": false,
    "private": true,
    "user_id": 26000123185,
    "support_email": null,
    "ticket_id": 2112,
    "to_emails": [],
    "created_at": "2021-12-13T13:54:54Z",
    "updated_at": "2021-12-13T13:54:54Z",
    "attachments": []
}

The ticket note is not updating with the <script> tag.

1 Like

@Konanki_Prakash ,
Ideally, the Freshdesk API will remove unwanted scripts that lead to cross-site scripting attacks,
so this is the correct behavior.

Hope it helps 🙂

Thanks

@Santhosh ,

Thanks for the response. The problem was solved: we have restricted users from entering HTML tags in the textarea.

1 Like
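
An added example, not part of the original thread and not the poster's or Freshdesk's code: instead of rejecting HTML tags in the textarea, an app can HTML-encode the agent's text before placing it in the note `body`, so the typed markup is shown as literal text and never parsed as a tag. The helper names, `baseUrl` and `authHeader` are hypothetical placeholders, and it is an assumption that entity-encoded text passes through the API's sanitization unchanged.

```javascript
// Added example: encode agent-typed text before it goes into the note "body".
// Assumption: the note body is treated as HTML, as the response on this page shows.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  // Replace every character that can open a tag, entity or attribute value.
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical helper: builds the same request shape as the one posted above.
// baseUrl and authHeader are placeholders supplied by the caller.
function buildNoteRequest(baseUrl, ticketId, authHeader, agentText, isPrivate = true) {
  if (!Number.isInteger(ticketId) || ticketId <= 0) {
    throw new TypeError("ticketId must be a positive integer");
  }
  // Escape first, then turn textarea line breaks into <br> so layout survives.
  const body = escapeHtml(agentText).replace(/\r?\n/g, "<br>");
  return {
    url: `${baseUrl}/tickets/${ticketId}/notes`,
    method: "POST",
    headers: { Authorization: authHeader, "Content-Type": "application/json" },
    data: JSON.stringify({ body, private: isPrivate }),
  };
}

// Constructed sample input, mirroring the QA test case from the first post.
const sample = buildNoteRequest(
  "https://xxxx",
  2112,
  "Basic XXXXXXXXXXX",
  'hi: <script>alert("nshh");</script>'
);
console.log(sample.data);
```
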
