This is why WordPress.com strips Javascript from posts. The potential for devilment is limitless without filtering!
Donncha Ó Caoimh is a software developer at Automattic and WordPress plugin developer. He posts photos at In Photos and can also be found on Google+ and Twitter.
3 replies on “Cross-Site Scripting Worm Floods MySpace”
The potential for devilment is pretty high even with filtering, it seems: MySpace are also pretty vigorous in removing Javascript from any text entered by the user. It’s worth reading the description of how the specific exploit was done over here: http://namb.la/popular/tech.html and asking yourself if something like that could get past your own (or WordPress’) filters.
Thanks Dotan, that made for a scary read!
holy pj i fucking adore u