Daddy Posted February 24, 2022 Posted February 24, 2022 Bit disappointed I have to share this info publicly so I'll keep it brief. Using inspect element you can modify text beyond what is allowed through the editor. This shouldn't happen imo and can be easily used to deface websites if used maliciously. Here's some of the "best" case scenarios this is used for. The worst case should be pretty obvious by now. Here is an example, using background color despite the editor not having the option. Even worse, I can set font size to a ridiculous size, thousands of times higher than what the editor even allows.
Management Charles Posted February 24, 2022 Management Posted February 24, 2022 This is not an exploit it is just annoying user behavior. There is a LOT a user can do to be purposely annoying. The editor will allow any safe input and filter out anything that can be dangerous (like JavaScript and such). This is a moderation thing not a security thing.
Recommended Posts