Bot Susceptible to XSS
Opened this issue · 3 comments
Deleted user commented
Susceptible to XSS:
<w="/x="y>"/ondblclick=`<`[confir\u006d`test`]>Test
zreedeecom commented
Hi @thehappydinoa, thanks for pointing this out, we will look at it ASAP.
Medialo commented
I confirm the robot has this bug. Is it possible to create a condition so that, for example, for fields that the user can fill in, if characters like "< >" are entered, it returns an error?
georgejipa commented
A little bit late, but the issue is finally solved in release 2.2.4. I've decided to strip all HTML tags from user responses.
https://github.com/Designmodocom/WP-Maintenance-Mode/releases/tag/2.2.4
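The mitigations raised in this thread (rejecting angle brackets, stripping tags), plus output encoding, run side by side on the reported string. This is an added example, not part of the original thread and not the plugin's code; the function names are hypothetical and the two extra sample replies are constructed.

```php
<?php
// Added illustration: function names are hypothetical, not taken from the plugin.

// The string reported in the issue, kept in a nowdoc so PHP does not interpret it.
$reported = <<<'PAYLOAD'
<w="/x="y>"/ondblclick=`<`[confir\u006d`test`]>Test
PAYLOAD;

// Option 1 (suggested in the thread): reject replies containing angle brackets.
function reply_is_acceptable(string $reply): bool
{
    return strpbrk($reply, '<>') === false;
}

// Option 2 (the approach the maintainer describes): strip HTML tags on input.
// strip_tags() is PHP's built-in; whether the plugin uses it is an assumption.
function strip_reply(string $reply): string
{
    return trim(strip_tags($reply));
}

// Option 3: encode on output so stored text is always rendered as text.
function encode_for_html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample replies alongside the reported one.
$samples = [
    'reported string' => $reported,
    'ordinary reply'  => 'Jane Doe',
    'benign bracket'  => 'budget < 100',
];

foreach ($samples as $label => $reply) {
    $stripped = strip_reply($reply);
    printf("%s\n", $label);
    printf("  accepted by reject rule: %s\n", reply_is_acceptable($reply) ? 'yes' : 'no');
    printf("  after strip_tags:        %s\n", $stripped);
    printf("  encoded for output:      %s\n", encode_for_html($stripped));
}
```

The reject rule also refuses the benign `budget < 100` reply, which is the usability cost of that option. Encoding at output still applies after stripping, so any quote or bracket characters left in the stored reply are rendered as text.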