[wp-hackers] Safe commenting

Owen Winkler ringmaster at midnightcircus.com
Thu Jun 22 20:24:42 GMT 2006


Jason Salaz wrote:
> On 6/22/06, Handy <handy.solo at gmail.com> wrote:
>> Anyone here be game to offer some reassurances or thoughts to this
>> thread over in the Support Forums?
>> http://wordpress.org/support/topic/76975?replies=7 titled "How to make
>> comments safe?"
> 
> Isn't kses running against all comments 'out of the box'?
> I can't even comment with a freaking <q> tag for crying out loud.  And
> he wants to say that an open <script> capability exists?
> 
> Somebody is either 1) not running stock WordPress 2) has extensive
> mods.  Whether core code modification or script level, who knows.

He's just commenting as a logged-in user with the unfiltered_html 
capability.  Normal visitors won't be able to post script tags to his 
comments.

Owen
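
The behaviour described in this reply, as a simplified Python model added here (it is not WordPress's kses code and not part of the original thread): comment markup is passed through a tag allowlist unless the commenter holds the unfiltered_html capability. The allowlist, the scheme list, the sample comment and the names AllowlistFilter and filter_comment are assumptions made for the illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for this model (tag -> permitted attributes), not WordPress's list.
ALLOWED_TAGS = {"a": {"href", "title"}, "b": set(), "em": set(),
                "strong": set(), "code": set(), "blockquote": {"cite"}}
SAFE_SCHEMES = ("http://", "https://", "mailto:")
# Constructed sample comment.
SAMPLE = ('Nice <b>post</b> <q>quoted</q><script>alert(1)</script> '
          '<a href="javascript:alert(1)" onclick="x()">link</a>')


class AllowlistFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # drop the tag; its text content is still emitted as plain text
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_TAGS[tag] or value is None:
                continue  # attribute not on the allowlist (e.g. onclick)
            if name in ("href", "cite") and not value.strip().lower().startswith(SAFE_SCHEMES):
                continue  # URL attribute with a scheme outside the allowlist
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def filter_comment(content, user_caps):
    """Return the comment text as stored for a commenter holding user_caps."""
    if "unfiltered_html" in user_caps:
        return content  # trusted user: the filter is skipped entirely
    parser = AllowlistFilter()
    parser.feed(content)
    parser.close()  # flush any buffered trailing text
    return "".join(parser.out)
```

Calling filter_comment(SAMPLE, set()) models an ordinary visitor and filter_comment(SAMPLE, {"unfiltered_html"}) models the logged-in site owner, whose markup is stored as typed.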



