Make WordPress Core

Opened 2 years ago

Last modified 2 years ago

#55916 new defect (bug)

Font size in post editing is not validated

Reported by: floridsleeves
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version: 6.0
Component: Editor
Keywords:
Focuses:
Cc:


In the post editing page, the font size is constrained by front end HTML 'type=number'.

However, this font size can be changed by intercepting the requests, and the resulting HTML will contain a font size that makes no sense:

<p style="font-size:aaapx">User’s blogs</p>

This may result in data corruption or web injection.
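Added illustration, not part of the ticket and not WordPress core code: a server-side check that accepts a font size only when it is a plain in-range integer, so the stored markup no longer depends on the editor's `type=number` input. The function names and the 1 to 200 px range are assumptions; it needs PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Assumed policy bounds (not from the ticket): accepted size range in px.
const FONT_SIZE_MIN_PX = 1;
const FONT_SIZE_MAX_PX = 200;

/**
 * Hypothetical helper: validate a font size received in a request and
 * return it as an integer, or null when it is not a plain in-range number.
 */
function validate_font_size_px(mixed $raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null; // arrays, floats, null and objects are rejected outright
    }
    $value = (string) $raw;
    // Allowlist: 1 to 4 ASCII digits only. \A and \z anchor the whole
    // string, so a trailing newline (which "$" would allow) is rejected too.
    if (preg_match('/\A[0-9]{1,4}\z/', $value) !== 1) {
        return null;
    }
    $px = (int) $value;
    return ($px >= FONT_SIZE_MIN_PX && $px <= FONT_SIZE_MAX_PX) ? $px : null;
}

/**
 * Hypothetical helper: build the paragraph markup, emitting the style
 * attribute only when the size validated, and escaping the text.
 */
function render_paragraph(string $text, mixed $rawFontSize): string
{
    $px = validate_font_size_px($rawFontSize);
    // %d guarantees that only an integer ever reaches the style attribute.
    $style = $px === null ? '' : sprintf(' style="font-size:%dpx"', $px);
    return sprintf('<p%s>%s</p>', $style, htmlspecialchars($text, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample inputs, including the "aaa" value from the ticket.
foreach (['18', 'aaa', '18;color:red', "18\n", '-4', '99999', ['18']] as $sample) {
    echo json_encode($sample), ' => ', render_paragraph('User’s blogs', $sample), PHP_EOL;
}
```

Only the first sample produces a `style` attribute; every other input falls back to a paragraph with no inline font size.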

Change History (1)

#1 @sabernhardt
2 years ago

  • Component changed from General to Editor