We are near releasing Freshservice, and I recently discovered a security flaw. Users can change the requester's field to email. This is risky because a user can impersonate another during ticket submission.
I discovered this script below, but it does not work all the time. There are multiple times the browser must be refreshed before the requester field becomes read-only. Can your developer team please make it an option to make this field read-only?
jQuery("#helpdesk_ticket_email").prop( "disabled", true );