Make WordPress Core

Opened 9 years ago

Closed 9 years ago

#9917 closed defect (bug) (invalid)


Reported by: epicreviews Owned by:
Milestone: Priority: highest omg bbq
Severity: critical Version: 2.7.1
Component: General Keywords:
Focuses: Cc:


Comments have a huge vulnerability

<script language="javascript">alert('Security');</script>

This set off a problem when someone was testing for me. anything that uses javascript does it htmlentities would protect it

This totally screwed up my categories with just a test.

Change History (1)

#1 @ryan
9 years ago

  • Milestone Unassigned deleted
  • Resolution set to invalid
  • Status changed from new to closed

Only users that have the unfiltered_html capability can do this.

Note: See TracTickets for help on using tickets.