CSteipp has uploaded a new change for review. Change subject: (bug 42202) Validate editfont before embedding it in CSS ......................................................................
(bug 42202) Validate editfont before embedding it in CSS If the editfont preference somehow had a value like "foo; color: blue", we have a CSS injection problem. Normally preference validation should protect against that, but the API module for setting preferences doesn't perform any validation. Change-Id: I5c12aa9a48bf4f6ea4a8fb44554d13189e7757fb --- M includes/resourceloader/ResourceLoaderUserCSSPrefsModule.php 1 file changed, 4 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/73/36073/1 -- To view, visit https://gerrit.wikimedia.org/r/36073 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I5c12aa9a48bf4f6ea4a8fb44554d13189e7757fb Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_20 Gerrit-Owner: CSteipp <[email protected]> Gerrit-Reviewer: Catrope <[email protected]> _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
