SpeakUp! Email Petitions
[resolved] How to disable "script-tags" in a input field? - Alert box problem (5 posts)

  1. Serkan
    Posted 3 years ago #


    An alert box has been appearing on a (WP) website of my client for a few weeks; I have already found out why. This happens because a funny person has put a <script>alert</script> into one of the input fields.
    I have removed it from the database currently; but, how is it possible to disable this function?

    [removed by mod] Here the link to the website with the petition if necessary.

    Thanks in advance


  2. Gene
    Posted 3 years ago #

    It's not a good idea to advertise a link to an active xxs vulnerability on your own site. I'd suggest not using the plugin until the vulnerability is patched.

    I realize that you didn't recognize it at the onset but generally speaking it's better to notify plugin authors privately regarding security vulnerabilities rather than posting about them in a public setting.

    Hopefully a mod will see this and remove the link (modlook attached)

  3. Serkan
    Posted 3 years ago #

    You're right, I haven't thought about it.

  4. Kreg
    Plugin Author

    Posted 3 years ago #

    This is fixed now - see version 2.4.2

  5. Serkan
    Posted 3 years ago #

    Thank you.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • SpeakUp! Email Petitions
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic