Make WordPress Core

Opened 5 years ago

Closed 5 years ago

#17400 closed defect (bug) (invalid)

Disable JavaScript in Comments

Reported by: Kuzmanov
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 3.2
Component: Comments
Keywords:
Focuses:
Cc:


I think the ticket name says everything. Shouldn't JavaScript be disabled in comments?

Change History (3)

#1 @duck_
5 years ago

What do you mean?

Are you saying you're able to put <script> tags in comments? If so, are you writing said comment as an admin or editor user (someone with the unfiltered_html capability)?

#2 @Kuzmanov
5 years ago

Only when I'm logged in as an admin. As I see it, no one can put <script> in comments in WordPress 3.1.2; that's why I'm reporting this. It's not 'very' safe when someone can use <script> in the comments, even if it's an admin user.

#3 @ocean90
5 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

To disallow unfiltered HTML for all users, you can add this to wp-config.php:


From wpdevel post by Nacin.
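
Added example, not part of the original ticket or of WordPress itself: WordPress core provides the DISALLOW_UNFILTERED_HTML constant for this purpose, and the Python check below reports whether a wp-config.php actually has it enabled rather than commented out or set to false. The helper names and the sample config fragments are constructed for illustration, and accepting only the literals true and 1 is a deliberately conservative assumption.

```python
import re

# PHP string literals (kept) or comments (dropped); matching strings first keeps
# the "//" inside a quoted URL from being treated as a comment.
_TOKEN = re.compile(
    r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*""",
    re.DOTALL,
)
# define() is case-insensitive in PHP, the constant name is not.
_DEFINE = re.compile(
    r"""\b(?i:define)\s*\(\s*(['"])DISALLOW_UNFILTERED_HTML\1\s*,\s*([^)]*?)\s*\)"""
)


def strip_php_comments(source: str) -> str:
    """Replace every PHP comment with a space, leaving string literals intact."""
    return _TOKEN.sub(
        lambda m: m.group(0) if m.group(0)[0] in "'\"" else " ", source
    )


def unfiltered_html_disallowed(source: str) -> bool:
    """True only if the first uncommented define() sets the constant to true/1."""
    match = _DEFINE.search(strip_php_comments(source))
    return bool(match) and match.group(2).strip().lower() in {"true", "1"}


# Constructed wp-config.php fragments (not from the ticket).
HARDENED = """<?php
define( 'WP_HOME', 'http://example.test' ); // URL contains "//"
define( 'DISALLOW_UNFILTERED_HTML', true );
"""
COMMENTED_OUT = """<?php
// define( 'DISALLOW_UNFILTERED_HTML', true );
/* define( 'DISALLOW_UNFILTERED_HTML', true ); */
"""
SET_FALSE = """<?php
define( "DISALLOW_UNFILTERED_HTML", false );
"""

if __name__ == "__main__":
    for name, text in [("hardened", HARDENED), ("commented out", COMMENTED_OUT),
                       ("set to false", SET_FALSE)]:
        print(f"{name}: {unfiltered_html_disallowed(text)}")
```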
