Validation required

Created on 28 February 2019, about 6 years ago
Updated 22 November 2023, over 1 year ago

I can't find validation in the codebase. I used the CKEditor feature with the fake "embed code" of `

alert('hello');

` and the javascript was triggered.

I see the value in being able to provide a token within the WYSIWYG instead of seeing the javascript, but given the page seems to render anything you put in there, that seems like a security risk.

πŸ› Bug report
Status

Closed: works as designed

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States damontgomery

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024