I’m planning to follow this tutorial in order to allow my subscribers to add images to comments (actually a custom post type called “Replies”).

WordPress filters <img> tags by default (except for the admin).

Will my WordPress site be vulnerable to Cross-Site Scripting (XSS) if I allow img HTML tags in my comment section?

1 Answer
Many evil things can be done by including an image. The question is how well WordPress filters them. To give you an idea:

  • File names should be checked properly.
  • The actual image data can contain javascript.
  • Also, EXIF data could contain javascript.
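As an added illustration of the three points above (this is not code from the question, the answer, or WordPress core), the snippet below does two things for a custom post type assumed to be called `reply`: it runs the submitted content through `wp_kses()` with an allowlist that permits only `<img>` with a fixed attribute set and only `http`/`https` sources, then drops any image not hosted in the site's own uploads directory; and it validates an uploaded file as a real raster image before it is accepted. The post type slug, the hook choice, and the `replies_validate_image_upload()` helper and its calling convention are assumptions; the WordPress functions used (`wp_kses`, `wp_check_filetype_and_ext`, `wp_get_image_editor`, `wp_insert_post_data`) are real core APIs.

```php
<?php
// Added example: allowlist <img> in "reply" posts and validate image uploads.
// The post type slug 'reply' and the upload helper below are assumptions.

// Only <img> with these attributes survives; every other tag and attribute is removed.
function replies_allowed_html() {
    return array(
        'img' => array(
            'src'    => true,
            'alt'    => true,
            'width'  => true,
            'height' => true,
        ),
    );
}

function replies_sanitize_content( $content ) {
    // Restricting protocols keeps javascript: and data: URIs out of src.
    $content = wp_kses( $content, replies_allowed_html(), array( 'http', 'https' ) );

    // Second pass: keep only images served from this site's own uploads directory,
    // so a subscriber cannot hot-link arbitrary external content.
    $uploads = wp_get_upload_dir();
    $base    = trailingslashit( $uploads['baseurl'] );
    return preg_replace_callback(
        '/<img\b[^>]*\bsrc=("|\')([^"\']*)\1[^>]*>/i',
        function ( $m ) use ( $base ) {
            return ( 0 === strpos( $m[2], $base ) ) ? $m[0] : '';
        },
        $content
    );
}

// Sanitize on save, regardless of which form or endpoint created the post.
// Post data is slashed at this point, so unslash before filtering and re-slash after,
// mirroring what core's own wp_filter_post_kses() does.
add_filter( 'wp_insert_post_data', function ( $data ) {
    if ( isset( $data['post_type'] ) && 'reply' === $data['post_type'] ) {
        $data['post_content'] = wp_slash( replies_sanitize_content( wp_unslash( $data['post_content'] ) ) );
    }
    return $data;
}, 10, 1 );

/**
 * Validate an uploaded image before moving it into the uploads directory.
 * $tmp_path is the temporary file, $client_name the name the browser sent.
 * Returns the filename to store on success, or a WP_Error on failure.
 */
function replies_validate_image_upload( $tmp_path, $client_name ) {
    // Normalise the client-supplied name: path separators and odd characters are removed.
    $filename = sanitize_file_name( $client_name );

    // Extension and sniffed MIME type must agree, and only raster formats are allowed
    // (no SVG: it can carry script, and no HTML renamed to .jpg).
    $check = wp_check_filetype_and_ext( $tmp_path, $filename, array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
    ) );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        return new WP_Error( 'bad_type', 'Only JPEG, PNG and GIF images are accepted.' );
    }

    // The bytes must actually decode as an image.
    if ( false === @getimagesize( $tmp_path ) ) {
        return new WP_Error( 'not_image', 'File is not a valid image.' );
    }

    // Re-encode through the image editor. With the GD editor this writes a fresh
    // file without the original EXIF/metadata block; with Imagick, confirm the
    // behaviour on your install (assumption: you want metadata dropped).
    $editor = wp_get_image_editor( $tmp_path );
    if ( is_wp_error( $editor ) ) {
        return $editor;
    }
    $saved = $editor->save( $tmp_path, $check['type'] );
    if ( is_wp_error( $saved ) ) {
        return $saved;
    }

    // wp_check_filetype_and_ext() may propose a corrected name when the
    // extension did not match the real type; prefer it.
    return ! empty( $check['proper_filename'] ) ? $check['proper_filename'] : $filename;
}
```

The first half addresses the rendered `<img>` tag (the XSS question as asked); the second half addresses the file itself, which is where the answer's points about file names, image bytes and EXIF apply. Serving user uploads with a correct `Content-Type` and, ideally, from a separate origin is a further defence that this snippet does not cover.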