• I’m a bit of a newbie with WordPress, and I was playing around with the layout and CSS to get the look I wanted. After some testing I noticed that on the comments it says that HTML is allowed and there are certain tags you can use.
    I’ve customised the comments textarea a bit so that it limits you to entering 200 characters, but I’d like to know if it’s possible to prevent ALL HTML, including UBB codes.
    If so, how does one do this? I’m concerned that people can put any old junk into my comments, and I want to restrict formatting as much as possible, perhaps even to the extent where the comments will only accept certain characters, like this:

    0-9|a-z|A-Z|!"£$%&*()[]+-=/?.,{}@:;'

    How does one achieve this?
    On a side-note, I noticed the search box uses GET rather than POST. Why is this, and is it safe to do this? Does W/P take any precautions with the GET-ed data (such as anti-XSS stuff)?
    Thank you very much for your help!
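As an added example (not code from the thread or from WordPress itself), here is a small plugin that does what the question asks: it strips HTML tags and UBB/BBCode from a comment, keeps only the characters in the whitelist above, and enforces the 200-character limit on the server side. It hooks the standard `pre_comment_content` filter; the `nhc_` function name, the `NHC_ALLOWED_CHARS` constant and the plugin file location are my own assumptions.

```php
<?php
/*
 * Plugin Name: No HTML Comments (example)
 * Description: Strip HTML/BBCode from comments and keep only whitelisted characters.
 * Assumed location: wp-content/plugins/no-html-comments.php
 */

// Character whitelist from the question, plus whitespace so multi-word comments survive.
// The /u modifier is needed because "£" is a multi-byte character in UTF-8.
define( 'NHC_ALLOWED_CHARS', '/[^0-9a-zA-Z!"£$%&*()\[\]+\-=\/?.,{}@:;\'\s]/u' );

/**
 * Sanitise comment text before WordPress saves it.
 * pre_comment_content receives slashed data, so unslash first and re-slash at the end.
 */
function nhc_sanitize_comment( $content ) {
    $text = stripslashes( $content );

    // Remove every HTML tag, and the bodies of <script>/<style> elements.
    $text = wp_strip_all_tags( $text, true );

    // UBB/BBCode such as [b]...[/b] or [url=...] is not HTML, so remove it separately.
    // This runs before the whitelist because "[" and "]" are allowed characters.
    $text = preg_replace( '/\[\/?[a-zA-Z]+(?:=[^\]]*)?\]/', '', $text );

    // Drop anything outside the whitelist rather than rejecting the whole comment.
    $text = preg_replace( NHC_ALLOWED_CHARS, '', $text );

    // Enforce the 200-character limit server side; the textarea limit is client side only.
    $text = mb_substr( $text, 0, 200, 'UTF-8' );

    return addslashes( $text );
}
add_filter( 'pre_comment_content', 'nhc_sanitize_comment' );
```

Because the filter runs on the server, it applies even when a visitor bypasses the textarea's character limit or posts the form directly.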

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter worchyld

    (@worchyld)

    I may have found an answer to the prevention of html in comments;
    URL:
    http://faq.wordpress.net/view.php?p=44
    Now, I’m just wondering if anybody has any clues on the XSS side of the search box?
    Thanks for your help.

    Anti – XSS?
    What is XSS, btw?
    Aside from that, using a “GET” is no less safe than using a “POST” in general terms. A post is only *slightly* hard to spoof. Besides which, I am fairly certain that the search is mysql_escaped before being passed, thus preventing any sql-insertion vulnerabilities.

  • The topic ‘Prevent HTML in Comments’ is closed to new replies.