It seems that emails with address lines of this form:
">'><IfRaME>"@example.com
(quotes included, this is a valid email address, I think) cause RT to
be unable to display a ticket. I think this may be a possible cross
site scripting problem or at least some data that should be escaped in
the web interface. Help on how to delete such a ticket would be
appreciated.
Thanks,
Steve
--
Steve Wills, Senior Systems Administrator
WebAssign, http://www.webassign.net/
Phone: (919) 829-8181 x116 Cell: (919) 622 6826
_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
