Comment Tag Style Remover
| Plugin Status | Stable | ||
| Author | Greg Bulmash | Version | 0.5 |
| Plugin Home | Visit | Author Homepage | Visit |
| Download | Visit | Plugin License | GPL |
| Description : | |||
| Removes CSS styles people try to embed in HTML tags within comments, heading off potential CSS-based page hijacks | |||
| Removes CSS styles people try to embed in HTML tags within comments, heading off potential CSS-based page hijacksCSS Hijack Prevention - Redux April 5th, 2007 by Greg Bulmash So, I should have known I was missing something. Wordpress was letting me insert styles in my comment text because I was logged in as Admin and therefore had privileges. When I tried putting the CSS in comments while logged out (posting as Joe Blow user), it stripped the styles without needing my plugin. So my first foray into plug-in writing, though working nicely, wasn't necessary. BUT, there are some systems where this vulnerability still exists (like those idiots at MySpace), and if you're rolling your own, this bit of code will still be helpful. And if you still want the plugin |