• Hey guys.

    I’ve run into an issue where, if a user has Microsoft Lync installed and the browser has the add-ons to incorporate click-to-dial and the Lync calling features, Lync will automatically insert a span tag of tremendous size (many, many random characters) and add a telephone icon INTO the visual editor code.

    When I attempt to save a draft because this code is being injected, it does not take the saved changes at all.

    Is this a bug with WordPress itself allowing browsers to inject code into the editor? Is this a security risk? How do I fix this?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    That would definitely be a bug with Lync.

    Since the WordPress editor has a Text tab, which will take any code you want to paste into it, and there’s really no way for WordPress to tell the difference between an intentional paste and an accidental one, there really isn’t anything WordPress can do about this.

    The solution would be that Lync shouldn’t just be pasting code into random text boxes.

    Thread Starter hexified

    (@hexified)

    It’s indeed an issue with Lync but also what’s stopping a malicious person from coding up some hidden toolbars that get installed on someone’s machine and it injects code into HTML editors in a similar fashion?

    I assume there must be a way for WordPress devs to adjust the editor so that it only accepts paste commands via right-click or Ctrl-V commands with some JavaScript?

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    WordPress actually already does that. It’s the broken/malicious add-ons which emulate the proper paste behavior.

    Always be mindful of what browser add-ons you install, because you’re essentially giving them permission to do anything within the browser (paste text, track your activities, intercept passwords, etc).

  • The topic ‘Microsoft Lync Injecting Span tags Into Visual Editor’ is closed to new replies.
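
Added example (not part of the original thread and not WordPress or Lync code): a save-time check for the situation discussed above, which flags `<span>` elements whose opening tag is abnormally large and unwraps them while keeping their inner content. The function names, thresholds and sample markup are assumptions constructed for illustration; the thread does not show the markup Lync actually inserts.

```javascript
// Added example: thresholds and sample markup are constructed assumptions,
// not Lync's real output (the thread does not show it).
const MAX_TAG_LEN = 200;   // assumed ceiling for a hand-written <span ...> tag
const MAX_TOKEN_LEN = 64;  // assumed ceiling for one unbroken attribute token

// Return the reasons an opening <span> tag looks machine-inserted (empty = fine).
function spanReasons(tag) {
  const longest = tag.split(/[\s"'=<>]+/)
    .reduce((n, t) => Math.max(n, t.length), 0);
  const reasons = [];
  if (tag.length > MAX_TAG_LEN) reasons.push('oversized-tag');
  if (longest > MAX_TOKEN_LEN) reasons.push('long-random-token');
  return reasons;
}

// List suspect spans so a save handler can warn the author or log the event.
function findSuspectSpans(html) {
  const findings = [];
  for (const m of html.matchAll(/<span\b[^>]*>/gi)) {
    const reasons = spanReasons(m[0]);
    if (reasons.length) findings.push({ index: m.index, length: m[0].length, reasons });
  }
  return findings;
}

// Drop each suspect opening tag and its matching </span>, keeping the inner
// content. A stack pairs openers with closers so nested spans stay balanced.
function unwrapSuspectSpans(html) {
  const dropped = [];
  return html.replace(/<span\b[^>]*>|<\/span\s*>/gi, (tag) => {
    if (tag[1] !== '/') {
      const drop = spanReasons(tag).length > 0;
      dropped.push(drop);
      return drop ? '' : tag;
    }
    return dropped.pop() ? '' : tag;  // unmatched closer: pop() is undefined, keep
  });
}

// Constructed sample: one ordinary span, one span carrying a 320-character token.
const junk = 'A1b2'.repeat(80);
const sample = `<p>Call <span class="note">us</span> on ` +
  `<span class="${junk}" title="call">555-0100</span></p>`;
console.log(findSuspectSpans(sample));
console.log(unwrapSuspectSpans(sample));
```

The tag pattern stops at the first `>` it meets, so an attribute value containing `>` would be cut short; inside the browser, walking the parsed DOM avoids that limitation.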