You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
While sending description which contains issue(s) or enhancement(s), our customer services would like to read only a plain text without any html attribute. In this case, when an attacker send a malicious html code which may cause redirection to other pages and do malicious requests, which is often called as CSRF Attacks.
To Reproduce
Steps to reproduce the behavior:
Go to Support Page
Input html code inside the input field
Click on Send button
See inbox
See html code being parsed
Expected behavior
By parsing the users' input into pure unicode text will reduce the potential to CSRF or other attacks.
Desktop (please complete the following information):
OS: Windows 10 OS Version 2009 (Build 19042.985)
Browser Chrome
Version 90.0.4430.212
The text was updated successfully, but these errors were encountered:
Describe the bug
While sending description which contains issue(s) or enhancement(s), our customer services would like to read only a plain text without any
htmlattribute. In this case, when an attacker send a malicioushtmlcode which may cause redirection to other pages and domaliciousrequests, which is often called asCSRFAttacks.To Reproduce
Steps to reproduce the behavior:
htmlcode inside the input fieldbuttonhtmlcode beingparsedExpected behavior
By parsing the users' input into pure
unicodetext will reduce the potential toCSRFor other attacks.Desktop (please complete the following information):
The text was updated successfully, but these errors were encountered: