From 958dfce63f3225e9393337317f1de5d88a3cc18d Mon Sep 17 00:00:00 2001
From: Vipin Shrivastava
Date: Wed, 8 Dec 2021 11:31:19 +0530
Subject: [PATCH 1/2] updates for create ticket-editor
---
 Controller/Ticket.php | 2 +-
 .../Snippets/createMemberTicket.html.twig | 21 +++++++++++++++++--
 2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/Controller/Ticket.php b/Controller/Ticket.php
index 410d3cdf8..baa61f5e9 100755
--- a/Controller/Ticket.php
+++ b/Controller/Ticket.php
@@ -236,7 +236,7 @@ public function saveTicket(Request $request)
 'subject' => $ticketProxy->getSubject(),
 // @TODO: We need to enable support for html messages.
 // Our focus here instead should be to prevent XSS (filter js)
-'message' => strip_tags($ticketProxy->getReply()),
+'message' => str_replace(['<script>', '</script>'], '', htmlspecialchars($ticketProxy->getReply())),
 'firstName' => $customer->getFirstName(),
 'lastName' => $customer->getLastName(),
 'type' => $ticketProxy->getType(),
diff --git a/Resources/views/Snippets/createMemberTicket.html.twig b/Resources/views/Snippets/createMemberTicket.html.twig
index d3240bed9..9f5156411 100644
--- a/Resources/views/Snippets/createMemberTicket.html.twig
+++ b/Resources/views/Snippets/createMemberTicket.html.twig
@@ -58,7 +58,7 @@
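Review bot: The `str_replace(['<script>', '</script>'], '', …)` wrapper on the new `'message'` line is dead code, because `htmlspecialchars()` has already rewritten every `<` and `>` to `&lt;`/`&gt;`, so the literal tags can never appear in its output. If the stored message is meant to remain plain text, `'message' => htmlspecialchars($ticketProxy->getReply(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),` is sufficient and makes the encoding explicit; if the tinyMCE editor added in the twig hunk is meant to submit HTML that is later rendered as markup, encoding the whole reply will show the tags as literal text, and the safe way to keep rich text is an allowlist-based HTML sanitiser rather than a literal-string blocklist, which by design cannot cover the other ways active content is expressed in markup. In either case the `@TODO` comment two lines above no longer describes what the code does and should state which contract the stored `message` follows, e.g. `// message is stored HTML-encoded; render it as text, not as markup`. `saveTicket()` starts and ends outside the hunk.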
- +
{{ 'Ticket query message'|trans }} @@ -382,6 +382,7 @@ var validationParameters = true; {% endif %} +{{ include("@UVDeskSupportCenter/Templates/tinyMCE.html.twig") }}