You are not logged in.
When I create a ticket and enter a URL with a title containing the character ">", this is handled correctly at the ticket edit time, but not after the creation of the ticket, where this character seems to be regarded as the end of the "<a>" tag.
For instance, if I enter "mot1 > mot2" as the URL title, the generated HTML is of the form: <a> mot2" href="http://localhost/">link text</a>
and the generated mail has text: mot2" href="http://localhost/">link text
There might be some security issue if this makes possible to inject HTML/Javascript code.
Note: The web site where GLPI is installed says at the bottom of the ticket page:
GLPI Copyright (C) 2015-2020 Teclib' and contributors
FusionInventory 9.5.0+1.0 - Copyleft © 2010-2019 by FusionInventory Team
Offline