Ready to get started?Download WordPress


HTML tags may crush the whole blog (8 posts)

  1. comoestas
    Posted 9 years ago #

    Hi guys :)

    I've got a problem!
    My blog is open, this means that everyone registered may publish posts. Few days ago my friend tried to post the following:
    <meta http-equiv="refresh" content="0; url=http://something.com">

    Unfortunately he succeded: my start page became a redirect page to something.com.

    Did anyone of you encountered such problem?
    What are the solutions for that?

    Thank you very much indeed!

  2. Mark (podz)
    Support Maven
    Posted 9 years ago #

    Login and delete the post

    If that fails, use phpMyAdmin, find the post and modify it there.

  3. comoestas
    Posted 9 years ago #

    I do really understand that. But what can I do to prevent this from happening in the future?

  4. error
    Posted 9 years ago #

    Don't allow just everybody to publish posts. And smack your "friend." :-)

  5. comoestas
    Posted 9 years ago #

    there must be another way. some HTML tags should be forbidden and only few allowed

  6. whooami
    Posted 9 years ago #

    this has actually been semi-discussed in another thread, and I agree with the conclusion reached there :

    If you are going to allow others to post than you take the associated risk. Or you simply dont allow it.

  7. Mark (podz)
    Support Maven
    Posted 9 years ago #

    There is, and I've flagged this to Matt.

  8. Matt Mullenweg
    Posted 9 years ago #

    Posting HTML is a feature. A future version may KSES users below a certain level, until then you should only allow trusted people to post to your blog. Just like you would only let trusted people into your house or let them use your email address.

Topic Closed

This topic has been closed to new replies.

About this Topic