[Vtigercrm-developers] crsf

Uma S uma.s at vtiger.com
Fri Nov 28 05:49:17 GMT 2014


Hi Stacey,

Thanks for notifying us about this issue.

I have created a trac
<http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/8355#ticket> for this. We
will look into this soon.

On Thu, Nov 27, 2014 at 7:46 PM, Stacey Johnson <stacey.johnson110 at gmail.com
> wrote:

> Is it really reasonable to attach this script to the outgoing emails? Why is
> it working in workflow emails but not in email templates? Can you (or
> anybody) confirm that email sent through workflows is not readable and
> subject to inclusion in Access Count? I have the same situation in two
> independent installations without any changes in code.
> Help appreciated
>
> Stacey
>
> On Thu, Nov 27, 2014 at 8:28 PM, Uma S <uma.s at vtiger.com> wrote:
>
>> Hi Stacey,
>>
>> This is added to avoid security attacks through CSRF (cross-site request
>> forgery).
>>
>> On Thu, Nov 27, 2014 at 4:54 PM, Stacey Johnson <
>> stacey.johnson110 at gmail.com> wrote:
>>
>>> While creating an email in workflows, vtiger is adding the following script:
>>>
>>>
>>> *<script type="text/javascript">if (top != self) {top.location.href =
>>> self.location.href;}</script><script type="text/javascript">var
>>> csrfMagicToken =
>>> "sid:2178860adb57f7667acab4a5af38e801ec39c421,1417087292";var csrfMagicName
>>> = "__vtrftk";</script><script src="libraries/csrf-magic/csrf-magic.js"
>>> type="text/javascript"></script>*
>>>
>>> What is it for and how to stop it?
>>>
>>> Regards
>>> Stacey
>>>
>>> _______________________________________________
>>> http://www.vtiger.com/
>>>
>>
>>
>>
>> --
>> With
>> Best Regards
>> Uma.S
>> Vtiger Team
>>
>>
>
>
>



-- 
With
Best Regards
Uma.S
Vtiger Team
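
An added example, not part of the thread and not vtiger's own code: a check that could run on an outgoing message body to find and remove the three script blocks quoted above before the mail leaves the server. The function name and the sample body are assumptions; the markers are the strings visible in the quoted snippet.

```python
import re

# Any <script>...</script> element, including empty ones that only carry src=.
SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script\s*>", re.IGNORECASE | re.DOTALL)

# Markers copied from the script quoted in the thread.
MARKERS = {
    "frame_buster": re.compile(r"top\s*!=\s*self"),
    "token_var": re.compile(r"csrfMagicToken"),
    "name_var": re.compile(r"csrfMagicName"),
    "loader": re.compile(r"csrf-magic\.js"),
}
TOKEN_RE = re.compile(r'csrfMagicToken\s*=\s*"[^"]*"')


def scrub_csrf_magic(html):
    """Return (clean_html, findings) for one outgoing email body.

    Script blocks carrying a csrf-magic marker are dropped and reported;
    unrelated script blocks are left for whatever other policy applies.
    """
    findings = []

    def _replace(match):
        block = match.group(0)
        hits = [name for name, rx in MARKERS.items() if rx.search(block)]
        if not hits:
            return block
        findings.append({
            "markers": hits,
            # True when the block carried a token value out with the mail.
            "token_leaked": TOKEN_RE.search(block) is not None,
        })
        return ""

    return SCRIPT_RE.sub(_replace, html), findings


# Constructed sample body: same shape as the quoted snippet, placeholder token.
SAMPLE = (
    "<p>Hello</p>"
    '<script type="text/javascript">if (top != self) {top.location.href =\n'
    "self.location.href;}</script>"
    '<script type="text/javascript">var\ncsrfMagicToken =\n'
    '"sid:CONSTRUCTED-PLACEHOLDER,0";var csrfMagicName = "__vtrftk";</script>'
    '<script src="libraries/csrf-magic/csrf-magic.js" type="text/javascript"></script>'
    "<p>Regards</p>"
)

if __name__ == "__main__":
    print(scrub_csrf_magic(SAMPLE))
```

A finding with `token_leaked` set means the message body carried an anti-CSRF token value to the recipient, which is worth logging separately from the cosmetic script removal.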