The font size input fields do not properly validate input types. When special characters or JavaScript code is entered (e.g., "alert('test')", "<script>", "abc123"), the field accepts the input without validation feedback. While the backend sanitization eventually corrects the value (resetting to default), the user receives no feedback about the invalid input, leading to confusion about what happened to their entered value.

Steps to Reproduce:

Navigate to: Administrator > Templates > Styles > Cassiopeia Extended - Default > Font Settings

Triple-click "Body Font Size (rem)" field to select all

Type: alert('test')

Click: Save button

Result: Value reverts to default (1) with no error message shown to user

Expected Result:

Real-time validation feedback as user types

Error message displayed before save attempt

Invalid characters highlighted in red

Clear message: "Font size must be a number (e.g., 1.5, 2, 0.8)"

Actual Result:

Input accepted without warning

Save silently corrects the value to default

No user feedback about what went wrong

User confused about why their input was rejected

Root Cause:

Missing HTML5 input type validation (type="number" not enforced)

No client-side JavaScript validation

No user feedback mechanism for validation errors