I've just recently started using WordPress. One of the things I always worry about is cross site script (XSS) vulnerability. When I program I make sure special characters are stripped so that XSS attacks are neutralized. From my testing of Contact Form 7 it appears that special characters such as < and > are possible. Is there a way to exclude these or is a hack the solution? THANK YOU.