Opened 4 years ago
Last modified 4 years ago
#55916 new defect (bug)
Font size in post editing is not validated
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | 6.0 |
| Component: | Editor | Keywords: | |
| Focuses: | | Cc: | |
Description
In the post editing page, the font size is constrained by the front-end HTML `type=number`.
However, this font size can be changed by intercepting the requests, and the resulting HTML will contain a font size that makes no sense:

```html
<p style="font-size:aaapx">User’s blogs</p>
```
This may result in data corruption or web injection.
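The `type=number` attribute only constrains what the browser's form control will submit, so the value has to be checked again wherever the markup is generated. The sketch below is an added example of that check, not WordPress code and not part of the ticket; the function names, the 1 to 400 px bounds and the sample inputs are assumptions, and JavaScript is used only for illustration.

```javascript
// Added example: function names, bounds and sample inputs are assumptions,
// not WordPress APIs or code from the ticket.

// Plain decimal number, optionally followed by "px"; nothing else is accepted.
const FONT_SIZE_RE = /^(\d{1,3}(?:\.\d{1,2})?)(?:px)?$/;

// Returns the size in px as a number, or null when the input is not a sane size.
function validateFontSizePx(raw, min = 1, max = 400) {
  if (typeof raw !== 'number' && typeof raw !== 'string') return null;
  const m = FONT_SIZE_RE.exec(String(raw).trim().toLowerCase());
  if (!m) return null;
  const n = Number(m[1]);
  return n >= min && n <= max ? n : null;
}

// Escape text before it is placed in element content.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Build the paragraph from validated parts only; an invalid size yields no
// style attribute instead of echoing the submitted string.
function renderParagraph(text, rawFontSize) {
  const size = validateFontSizePx(rawFontSize);
  const style = size === null ? '' : ` style="font-size:${size}px"`;
  return `<p${style}>${escapeHtml(text)}</p>`;
}

// Constructed inputs: one valid value, the ticket's "aaa", and values that
// only a tampered request (not the number input) could carry.
for (const v of ['18', 'aaa', '18px" data-x="1', '1e9', '-4']) {
  console.log(JSON.stringify(v), '->', renderParagraph('User’s blogs', v));
}
```

Rejecting the value outright, rather than trying to repair it, keeps the stored markup limited to sizes the editor could have produced itself.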