freescout
Paste and Copy of formatted text can cause strange behaviour
Problem description
Copy and paste from a word processor into the editor (notes, signature and auto reply tested so far) includes the formatting of the word processor. MS Word 2016 includes a number of complex XML namespace definitions cluttering the input box in source view.
Consequences
- We had the situation in one of our mailboxes where a malformatted signature led to incomplete rendering of the tickets in the ticket view. Working with the tickets was not possible anymore; most control elements were not rendered.
- In a second mailbox, the extensive markup from MS Word in the signature and in the auto reply message had another effect: everything was rendered, but when we tried to remove the extensive markup, our changes were not written to the database, although we got the message "signature saved" or similar.
Workaround
Case 1) could be resolved by just removing the marked-up code from the HTML source view in the editor. For case 2) I logged into the database and issued the following commands:
update mailboxes set auto_reply_message='...some plain text...' where id=X;
update mailboxes set signature='...some plain text...' where id=X;
I will do some more tests on this issue.
It is even possible to enter malicious code in the editors in notes, the signature and auto reply.
Proof of concept:
- add a new conversation
- select phone
- Select source view (</>)
- enter note: "evil: "
- Deselect the source view (</>) (the code is executed the first time)
- Press save - the evil code is in the database
- go somewhere else
- open the ticket
- edit the note --> the code is executed again
As a result, arbitrary code can be executed in the system and injected to other users. Since the code is not executed in the ticket view, the purifier seems to be involved in this place; however, the editor executes the code happily.
This is partly a problem of the editor summernote, where related issues are discussed:
This is partly addressed in summernote 0.8.12 (current version in Freescout is 0.8.9, 4 years old) with this PR
- https://github.com/summernote/summernote/pull/3048
But the problem is not completely solved yet:
- https://github.com/summernote/summernote/issues/4218
- https://github.com/summernote/summernote/pull/3782
- https://github.com/summernote/summernote/issues/4204
However, while I have not found a place outside the editor, where the purifier lets malicious code through, it might be an idea to run the purifier not only on outgoing streams, but also on incoming streams, before user text is saved in the database.
When you paste HTML code, the style information is generated by the program, where you copy the code. The copied code does not contain .css files. Therefore every element gets inline style, which makes the code much larger. 1der1 can parse the style and create the original rules. This way you can reduce the code to a fraction of the copied size. You can even change the rules interactively.
There are other problems like relative links which make them invalid - a problem we fix automatically at 1der1.
If you copy from MS Office, the namespace is NOT HTML5, but XML/HTML4 with special MS Office commands. 1der1 automatically detects the source, when you paste HTML and converts the code.
All these technologies are highly complex. I don't know of any software that can do this as well.
When you do the conversions with 1der1, you can use the generated code in Summernote. 1der1 is free forever.
I have posted a video on LinkedIn (it has 18MB, but the limit here is 10MB): "MS Office to HTML in perfection", which shows the way from MS Office to Summernote. https://www.linkedin.com/posts/lotharbongartz_ms-office-to-html-in-perfection-a-lot-of-activity-6897018301734629376-LR6D
1der1 supports 100 languages. Have a look at this German video: https://www.linkedin.com/feed/update/urn:li:ugcPost:6897633995291541505/
The original issue described in the first message most likely won't be fixed.
The rest discussed a different issue.