• I run a multisite installation at my University and one of our users managed to do a lot of “customizations” to their site by adding jQuery code in a contact form. Although really clever, this could cause a lot of trouble (break site/plugin functionality due to JS errors, allow untrusted users to insert malicious code, etc.).

    I would like to suggest that CF7 sanitizes form templates to remove JavaScript content before saving them to the database. If the author sees fit, I believe the unfiltered_html user capability could be used to allow only the super-admin (in multisite) or the admin (in standalone installation) to save JavaScript content in the forms.

    https://wordpress.org/plugins/contact-form-7/
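The mitigation described in the post, as an added example written for this page rather than code from Contact Form 7 or the poster: a small mu-plugin that runs the form template through `wp_kses_post()` before it is saved, unless the saving user holds the `unfiltered_html` capability. The hook name `wpcf7_save_contact_form` and the `set_properties()` method are assumed from CF7's public API; the sample template at the bottom is constructed for the demonstration and only runs when the file is executed outside WordPress.

```php
<?php
/**
 * Plugin Name: CF7 Template Sanitizer (example)
 * Description: Strips JavaScript from Contact Form 7 templates saved by
 *              users without the unfiltered_html capability.
 */

/**
 * Remove script tags, on* event handlers and javascript: URLs from a
 * CF7 form template while keeping ordinary HTML and CF7 form-tags
 * such as [text* your-name], which wp_kses leaves untouched because
 * they are not HTML.
 */
function cf7_example_strip_js( $template ) {
    // wp_kses_post() keeps the tags and attributes allowed in post
    // content; <script>, on* attributes and javascript: hrefs are not
    // on that list, so they are removed. Inner text of a removed tag
    // survives as harmless plain text.
    return wp_kses_post( $template );
}

/**
 * Decide whether the current user is trusted to save raw JavaScript.
 * In multisite only super-admins hold unfiltered_html; in a standalone
 * install administrators do. This mirrors the capability model the
 * post suggests relying on.
 */
function cf7_example_user_may_save_js() {
    return function_exists( 'current_user_can' )
        && current_user_can( 'unfiltered_html' );
}

/**
 * Assumed hook: CF7 fires 'wpcf7_save_contact_form' with the form
 * object before persisting it. We rewrite the 'form' property in place
 * for untrusted users so that the stored template is already clean.
 */
function cf7_example_sanitize_on_save( $contact_form, $args, $context ) {
    if ( cf7_example_user_may_save_js() ) {
        return; // trusted admin/super-admin: leave the template as authored
    }
    $props = $contact_form->get_properties();
    $clean = cf7_example_strip_js( $props['form'] );
    if ( $clean !== $props['form'] ) {
        // Record the event so site owners can see who tried to add JS.
        error_log( sprintf(
            'cf7-sanitizer: stripped script content from form %d (user %d)',
            (int) $contact_form->id(),
            (int) get_current_user_id()
        ) );
        $contact_form->set_properties( array( 'form' => $clean ) );
    }
}

if ( function_exists( 'add_action' ) ) {
    add_action( 'wpcf7_save_contact_form', 'cf7_example_sanitize_on_save', 10, 3 );
}

// Stand-alone demonstration (constructed sample, runs only outside WP).
if ( ! function_exists( 'wp_kses_post' ) && PHP_SAPI === 'cli' ) {
    // Minimal stand-in for wp_kses_post() so the logic can be exercised
    // without WordPress loaded; the real function is far more thorough.
    function wp_kses_post( $html ) {
        $html = preg_replace( '#<script\b[^>]*>.*?</script>#is', '', $html );
        $html = preg_replace( '/\son\w+\s*=\s*("[^"]*"|\'[^\']*\'|\S+)/i', '', $html );
        return preg_replace( '/javascript\s*:/i', '', $html );
    }
    $sample = "<label>Name [text* your-name]</label>\n"
            . "<script>console.log('injected');</script>\n"
            . "<p onclick=\"alert(1)\">[submit \"Send\"]</p>";
    echo cf7_example_strip_js( $sample ), PHP_EOL;
    // Output keeps the <label>, <p> and both form-tags; the <script>
    // block and the onclick attribute are gone.
}
```

Logging the stripped save is the part most worth keeping: it turns a silent rewrite into a signal that a site author on the network is pushing script into a form, which is the situation the post describes.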

  • The topic ‘Suggestion: sanitize forms for Javascript content’ is closed to new replies.