[wp-hackers] Security Vulnerability found
m at mullenweg.com
Wed Apr 13 17:59:20 GMT 2005
Eli Sarver wrote:
> Has this been addressed?
This is someone looking for recognition by trying to identify a
non-issue as a problem. WordPress is highly secure by default. Should
you be worried about this? Not if you haven't been worried by the past 5
years of blogging software or any other CMS in the world.
That said, I think a default feature restricting users lower than level
8 to a known subset of HTML would be useful, and will be including a
future release. A while back Mark Ghosh created the giant array that
KSES needs to accomplish this, I'm sure he (or I) still have it somewhere.
http://photomatt.net | http://wordpress.org
http://pingomatic.com | http://cnet.com
More information about the wp-hackers