WordPress.org

Ready to get started?Download WordPress

Forums

Prevent HTML in Comments (3 posts)

  1. worchyld
    Member
    Posted 9 years ago #

    I'm a bit of a newbie with wordpress, and I was playing around with the layout and css to get the look I wanted, after some testing I noticed that on the comments its says that HTML is allowed and there are certain tags you can use.
    I've customised the comments textarea bit so that it limits you to entering 200 characters, but I'd like to know if its possible to prevent ALL html, including UBB codes.
    If so, how does one do this? I'm concerned that people can put in any old junk into my comments, and I want to restrict formatting as much as possible, perhaps even to the extent where the comments will only accept certain characters, like this;

    0-9|a-z|A-Z|!"£$%&*()[]+-=/?.,{}@:;'

    How does one achieve this?
    On a side-note, I noticed the search box uses GET rather than POST, why is this and is it safe to do this? Does W/P take any precautions with the GET-ed data (such as anti XSS-stuff)
    Thank you very much for your help!

  2. worchyld
    Member
    Posted 9 years ago #

    I may have found an answer to the prevention of html in comments;
    URL:
    http://faq.wordpress.net/view.php?p=44
    Now, I'm just wondering if anybody has any clues on the XSS side of the search box?
    Thanks for your help.

  3. chuyskywalker
    Member
    Posted 9 years ago #

    Anti - XSS?
    What is XSS, btw?
    Aside from that, using a "GET" is no less safe than using a "POST" in general terms. A post is only *slighly* hard to spoof. Besides which, I am fairly certain that the search is mysql_escaped before being passed, thus preventing and sql-insertion vunerabilities.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.