Opened 13 years ago
Closed 13 years ago
#17400 closed defect (bug) (invalid)
Disable JavaScript in Comments
| Reported by: | Kuzmanov | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | 3.2 |
| Component: | Comments | Keywords: | |
| Focuses: | | Cc: | |
Description
I think the ticket name says everything. Shouldn't JavaScript be disabled in comments?
Change History (3)
#2
@
13 years ago
Only when I'm logged in as an admin. As I see, no one can put <script> in comments in WordPress 3.1.2, that's why I'm reporting this. It's not 'very' safe when someone can use <script> in the comments, even if it's an admin user.
#3
@
13 years ago
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
To disallow unfiltered HTML for all users, you can add this to wp-config.php:
define( 'DISALLOW_UNFILTERED_HTML', true );
From wpdevel post by Nacin.
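Added example, not part of the ticket and not WordPress core code: a small must-use plugin that lists which roles are granted `unfiltered_html` and reports whether `DISALLOW_UNFILTERED_HTML` is in effect, so the setting from the comment above can be verified from the dashboard. The file path and the `example_*` function names are hypothetical, and it assumes a WordPress version that provides `wp_roles()`.

```php
<?php
// Added example, not WordPress core code. Hypothetical must-use plugin file,
// e.g. wp-content/mu-plugins/audit-unfiltered-html.php (assumed path).

// Hypothetical helper: role slugs whose stored capabilities include unfiltered_html.
function example_roles_with_unfiltered_html() {
    $slugs = array();
    foreach ( wp_roles()->role_objects as $slug => $role ) {
        if ( $role->has_cap( 'unfiltered_html' ) ) {
            $slugs[] = $slug;
        }
    }
    return $slugs;
}

// Hypothetical helper: true when wp-config.php sets the constant from comment #3.
function example_unfiltered_html_disallowed() {
    return defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML;
}

add_action( 'admin_notices', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        return; // Show the audit to administrators only.
    }
    $roles = example_roles_with_unfiltered_html();
    if ( example_unfiltered_html_disallowed() ) {
        $class = 'notice notice-success';
        $text  = 'DISALLOW_UNFILTERED_HTML is set: no user passes the unfiltered_html check.';
    } elseif ( $roles ) {
        $class = 'notice notice-warning';
        $text  = 'Roles granted unfiltered_html: ' . implode( ', ', $roles ) . '.';
    } else {
        $class = 'notice notice-info';
        $text  = 'No role is granted unfiltered_html.';
    }
    // The role grant stays stored either way; the effective answer for the
    // logged-in user comes from current_user_can().
    $text .= current_user_can( 'unfiltered_html' )
        ? ' You can currently post unfiltered HTML.'
        : ' Your own HTML is currently filtered.';
    printf( '<div class="%s"><p>%s</p></div>', esc_attr( $class ), esc_html( $text ) );
} );
```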
What do you mean?
Are you saying you're able to put <script> tags in comments? If so are you writing said comment as an admin or editor user (someone with the unfiltered_html capability)?