G

elements classes are not removed from blog body when cleaned

Element classes should be removed from blog body (except the one explicitly set by the backend), as it could lead to potential security issues (using web frontend CSS could lead to unexpected behaviour, like simulating a password field).

Vous n'êtes pas connecté⋅e. Merci de vous connecter pour commenter.

id

389

author

Goffi

created

06/07/2021 17:31

updated

06/07/2021 17:31

labels
blog security
type
bug
status
queued
priority
normal
milestone
0.7
severity
normal