Support » Requests and Feedback » HTML tags may crush the whole blog

  • Hi guys 🙂

    I’ve got a problem!
    My blog is open, this means that everyone registered may publish posts. Few days ago my friend tried to post the following:
    <meta http-equiv=”refresh” content=”0; url=http://something.com”>

    Unfortunately he succeded: my start page became a redirect page to something.com.

    Did anyone of you encountered such problem?
    What are the solutions for that?

    Thank you very much indeed!
    Regards,
    Andres

Viewing 7 replies - 1 through 7 (of 7 total)
  • Mark (podz)

    (@podz)

    Support Maven

    Login and delete the post

    If that fails, use phpMyAdmin, find the post and modify it there.

    I do really understand that. But what can I do to prevent this from happening in the future?

    Don’t allow just everybody to publish posts. And smack your “friend.” 🙂

    there must be another way. some HTML tags should be forbidden and only few allowed

    whooami

    (@whooami)

    Member

    this has actually been semi-discussed in another thread, and I agree with the conclusion reached there :

    If you are going to allow others to post than you take the associated risk. Or you simply dont allow it.

    Mark (podz)

    (@podz)

    Support Maven

    There is, and I’ve flagged this to Matt.

    Moderator Matt Mullenweg

    (@matt)

    Troublemaker

    Posting HTML is a feature. A future version may KSES users below a certain level, until then you should only allow trusted people to post to your blog. Just like you would only let trusted people into your house or let them use your email address.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘HTML tags may crush the whole blog’ is closed to new replies.