Siebrand has submitted this change and it was merged. Change subject: (bug 42202) Validate editfont before embedding it in CSS ......................................................................
(bug 42202) Validate editfont before embedding it in CSS If the editfont preference somehow had a value like "foo; color: blue", we have a CSS injection problem. Normally preference validation should protect against that, but the API module for setting preferences doesn't perform any validation. Change-Id: I5c12aa9a48bf4f6ea4a8fb44554d13189e7757fb --- M includes/resourceloader/ResourceLoaderUserCSSPrefsModule.php 1 file changed, 4 insertions(+), 1 deletion(-) Approvals: Siebrand: Looks good to me, approved jenkins-bot: Verified -- To view, visit https://gerrit.wikimedia.org/r/36073 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I5c12aa9a48bf4f6ea4a8fb44554d13189e7757fb Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_20 Gerrit-Owner: CSteipp <[email protected]> Gerrit-Reviewer: Catrope <[email protected]> Gerrit-Reviewer: Siebrand <[email protected]> Gerrit-Reviewer: jenkins-bot _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
