Support

Documentation

Security

These options affect the security of the ticket system.

Filtering method

Akeeba Ticket System allows your clients to submit their ticket and reply content using Joomla's WYSIWYG editor which returns HTML. Likewise, accepting new tickets or ticket replies by email means that a client can submit an HTML–formatted ticket. If this HTML is left unfiltered there's a very chance that either accidentally or out of malice someone will exploit this to launch an XSS (Cross Site Scripting) attack which could compromise your site. ATS deals with it by filtering the incoming HTML. There are three filtering options:

HTML Purifier (best protection)

This uses the third party HTML Purifier library. It's marginally slower but provides the very best protection you can get.

Joomla!

This uses Joomla!'s own HTML sanitiser. It's good, it's fast. It's not as good as HTML Purifier, though. Only use this option if HTML Purifier seems to remove content you really want to allow but you do not understand how to configure it.

I want my site to be hacked (no protection)

This options disables protection. The name of this option is deliberately provocative — and accurate. Unless you have

This option is reserved for people who want their site to get hacked and developers who believe they've found a better filtering method than HTML Purifier and don't mind being hacked to disprove their point. No joking here. This option turns off all filtering. It's like jumping off a plane without a parachute. DON'T DO IT! It's not a question of whether you're going to get hacked. It's a simple question of when you'll get hacked.

HTML Purifier allowed tags

For advanced users only. You get to specify which tags and attributes will be kept by the HTML Purifier filter. The default value is:

p,b,a[href],i,u,strong,em,small,big,span[style],font[size],font[color],ul,ol,li,br,img[src],img[width],img[height],code,pre,blockquote

Do not change unless you know what you are doing. If you remove everything from the list the default value will be used (otherwise all posts would end up blank).