[wp-testers] XSS problem?

Stefano steagl at people.it
Sun Jan 28 10:54:19 GMT 2007


On Sun, 28 Jan 2007 05:30:48 -0500, Mark Jaquith
<mark.wordpress at txfx.net> wrote:

>It would be if regular commenters could do that.  He was likely  
>(hopefully) signed in as an Administrator when he published the  
>comment, which removes the strict HTML sanitization.

I did a check locally and if I'm not logged in as admin but a normal
unlogged commenter I can't reproduce the problem... the script tags are
correctly stripped... I suppose my user got fooled by something and
maybe he didn't log out before commenting.

-- 

Stefano Aglietti - StallonIt on IRCnet - ICQ#: 2078431
Email: steve at 40annibuttati.it steagl at people.it
Sites: http://www.40annibuttati.it (personal blog)
       http://www.wordpress-it.it (WordPress Italia)
