What happens when I extend 'valid elements' for the TinyMCE to, for example, allow <script>.
How does this effect posting comments since some comment areas have basic TinyMCE functionalities. Will visitors be able to use <script> as well?
[resolved] [closed] Same ' valid items' with posting & comments? (4 posts)
-
MissYeh
Posted 2 years ago # -
Mark / t31os
Posted 2 years ago #I'd not recommend it, or you'll be back within a few months posting "My site got hacked!"...
Potentially people could be doing...
<script type="text/javascript" src="http://www.mydodgysite.com/somedodgyscript.js"></script>What do you need that can't currently be done?
-
Posted 2 years ago #Hi t31os_, thanks.
I am aware of the security risk. Therefore I need to know if WP treats (filters) comments made by guests differently than posting a post as admin.
As an admin I need to add some <script> elements in the pages and posts but guests should absolutely not be able to use this element when posting comments.
Could you highlight me on this issue t31os_? :)
Kana
-
Posted 2 years ago #I don't know in total honesty...
I don't write the WP code after all (and there's lots)... :)
What exactly do you need to add, there may be an alternative.
[mod edit] No further response from original poster, closing thread.
Topic Closed
This topic has been closed to new replies.
