Show HTML in tickets by default
Idea shared by Speednet - 2/22/2019 at 2:40 PM
For reference, this topic was briefly discussed a few years ago in this thread:

I am guessing that HTML has not been shown by default out of security concerns.  Just a guess, because I haven't seen any employees weigh in on this.

However, the security issue can be mitigated by running a filter over the HTML before it gets shown (removing all scripts, iframes, objects, etc.).

Adding the ability to see HTML content by default would be extremely useful, and would remove unnecessary extra steps now required by agents.

My suggestion has four parts:

  1. Add an option to be able to turn on "View HTML" by default in tickets.
  2. Add an option for which HTML element types to KEEP in the document, as a comma-delimited string (all other elements would be removed).  My suggestion is the following elements will be allowed: "p,div,h1,h2,h3,h4,h5,h6,br,blockquote,hr,pre,table,thead,tbody,tfoot,tr,th,td,ul,ol,li,dl,dt,dd,b,i,u,strong,em,abbr,cite,code,del,dfn,ins,kbd,q,s,samp,sub,sup,var".  These are all structural or built-in font styles, so they are all considered safe.  Allowing things like a head section or styles (as well as obvious things like scripts or objects) is unsafe, because they can allow injection of something that an agent will see in their browser.  Even an image is "unsafe" because it can be inserted by a user as a beacon.
  3. Add an option for which HTML attributes to KEEP in each element.  Every other attribute would be dropped.  This can either be a stand-alone option, or can actually be combined with option #2 above.  It might be useful to combine with option #2, because that would allow granular control over which attributes are allowed within each element.  You can see an example of this when configuring a TinyMCE editor control using the valid_elements option:
  4. Add an option for custom styles to apply to the tickets' HTML.  Some might think this is redundant because you can add custom CSS to each brand, but it would actually be useful to be able to apply different CSS styles to each ticket template, knowing that each template might have different HTML associated with it.
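
An added example, not part of the original post and not SmarterTools code: a minimal allowlist filter of the kind items 2 and 3 describe, built on Python's standard `html.parser`. The element list is the one from the post; the attribute allowlist, the set of elements dropped with their content, and all names are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Element allowlist copied from item 2 of the post.
KEEP = set(("p,div,h1,h2,h3,h4,h5,h6,br,blockquote,hr,pre,table,thead,tbody,"
            "tfoot,tr,th,td,ul,ol,li,dl,dt,dd,b,i,u,strong,em,abbr,cite,code,"
            "del,dfn,ins,kbd,q,s,samp,sub,sup,var").split(","))
# Per-element attribute allowlist (item 3); these entries are assumptions.
KEEP_ATTRS = {"td": {"colspan", "rowspan"}, "th": {"colspan", "rowspan"}}
DROP_CONTENT = {"script", "style", "head", "iframe", "object"}  # removed with content (assumed)
VOID = {"br", "hr"}  # allowed elements that take no end tag


class TicketSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open, self.skip = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip.append(tag)
        elif not self.skip and tag in KEEP:
            ok = KEEP_ATTRS.get(tag, ())
            kept = "".join(f' {k}="{escape(v or "")}"' for k, v in attrs if k in ok)
            self.out.append(f"<{tag}{kept}>")
            if tag not in VOID:
                self.open.append(tag)

    def handle_endtag(self, tag):
        if self.skip:
            if tag == self.skip[-1]:
                self.skip.pop()
        elif tag in self.open:
            while True:  # close inner elements first so output stays balanced
                inner = self.open.pop()
                self.out.append(f"</{inner}>")
                if inner == tag:
                    break

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))


def sanitize(html_text):
    """Return html_text reduced to allowlisted elements and attributes."""
    parser = TicketSanitizer()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out + [f"</{t}>" for t in reversed(parser.open)])
```

Elements outside the list (such as `img`) lose their tags but keep their text, comments are discarded, and an unclosed dropped element suppresses everything after it, so the filter fails closed.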

1 Reply

Andrew Barker Replied
Employee Post
Thanks for your input. In the community, this feature is being discussed in "Enable HTML Content in Ticket Thread by Default". Please add your comments there so that we can keep the conversation in one place. You may also want to upvote the thread to help us track the popularity of this feature.

In order to encourage conversation to go to the existing thread, I will be locking this thread.

Andrew Barker
Software Developer
SmarterTools Inc.
(877) 357-6278