Comments are not proper filtered (1 post)

  1. J_25
    Posted 7 years ago #


    I've spotted this a while ago(maybe from version 2.3) but never reported because I hoped it will be fixed on the next release...

    NOTE: This will not be an issue if javascript is not enabled.

    But not everyone has enough time to check every "Thank you! Great post!" comments especially when they have a huge visitor/commentator number so they will select the option "Comment author must have a previously approved comment".

    To check this issue out:
    Log in into your wp blog and submit this comment:
    <script type="text/javascript">alert('bump');</script>

    after the comment is submitted and the page reloads you'll see the alert window.

    then go to your admin panel to edit/delete this comment; you'll see that when displaying the comments page that alert window is displayed once again.

    Imagine 200 of this alerts now....

    I really hope someone will fix this asap(by filtering any javascript input in comments).

Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.