Wordpress comments

Why Allow Script Commands in Comments?

I noticed that if you are an admin or editor, you are able to put in script code like this in comments (not in the page/post editor) for admin/editor roles:

<script>alert(“Danger, Wil Robinson!”);</script>

There doesn’t seem to be much documentation on this, which is allowed by unfiltered_html (see the answers here ).

It is only enabled for admin/editor roles; other roles will ignore any scripting commands in comments. But this seems to be a security risk.

What do others think about this possible security risk that allows script commands in comments?

Read more here:: Why Allow Script Commands in Comments?

Related posts:

  1. Comments/Discussion Not enabled on newly created posts/pages
    Like the title says, new posts and pages do not automatically have comments enabled, even though I have the option checked in discussion settings. Any...
  2. WP_Comment_Query – Get comments and answers separately
    I was developing a theme and this time I chose to use the bootstrap4, I found some difficulties in the way but I managed to...

Leave a Reply

Your email address will not be published. Required fields are marked *