The topic of XSS vulnerability came up in an internal discussion about
our pending upgrade to 3.8.x. We ran across a (very) old mailing list
post about RT 2 having XSS protections, but nothing obvious since. Using
an “XSS scriptlet” one of the guys dug up, I posted it into the message
box and created a new ticket. The resulting ticket displayed the
definitely some level of XSS prevention built into RT.
Any gotchas I should know about?