From: DeskNow Knowledge Base

When opening some emails in my web browser, I see this text: DN_XSS_NEUTRALIZE

This text indicates that DeskNow has blocked javascript code that is embedded in HTML emails.

This prevents potentially dangerous code to be run in your browser, pretending that it comes from your DeskNow server, and thus being able to act on your email account. This is a problem generally known as cross-site scripting (XSS), which is common to every web based application.

The DN_XSS_NEUTRALIZE string replaces some of the comon javascript commands, thus effectively disabling js.

You can disable XSS prevention in Preferences/Mail/Allow script code in emails