[wp-hackers] Safe commenting
handy.solo at gmail.com
Thu Jun 22 20:33:28 GMT 2006
Thanks to all of you who helped keep that thread straight by stopping
by (so quickly!). Very much appreciated. :-)
On 6/22/06, Owen Winkler <ringmaster at midnightcircus.com> wrote:
> Jason Salaz wrote:
> > On 6/22/06, Handy <handy.solo at gmail.com> wrote:
> >> Anyone here be game to offer some reassurances or thoughts to this
> >> thread over in the Support Forums?
> >> http://wordpress.org/support/topic/76975?replies=7 titled "How to make
> >> comments safe?"
> > Isn't kses running against all comments 'out of the box'?
> > I can't even comment with a freaking <q> tag for crying out loud. And
> > he wants to say that an open <script> capability exists?
> > Somebody is either 1) not running stock wordpress 2) has extensive
> > mods. Whether core code modification or script level, who knows.
> He's just commenting as logged in user with the unfiltered_html
> capability. Normal visitors won't be able to post script tags to his
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
More information about the wp-hackers