Skip to:
Content
Pages
Categories
Search
Top
Bottom

bbPress 2, JavaScript injection appears to be allowed

  • Hi All,

    Sorry if this has been resolved somewhere else, I’ve tried searching the forums and haven’t found anything.

    My problem is that I’ve installed the bbPress plugin into a clean install of wordpress, and when testing it tried a simple JavaScript insert. Open script tag, alert “Oh Dear” and close the script tag.

    When I posted this, it went through. The page alerted the text. Each time the page loads, it runs the JavaScript.

    So, my question is: Is there a way of stopping this? I’m pretty new to WordPress and *very* new to bbPress, but have been loving what I’ve been seeing so far. I really don’t want to have to try something else when this solution seems to tick every box but this.

Viewing 2 replies - 1 through 2 (of 2 total)

  • Steveorevo
    Participant

    @steveorevo

    Check that you create a user at the subscriber level, and post a reply containing the script tag. It should not allow you to do this (or at least that is the case with me).

    Within the administration screens, or at a different user level other then subscriber maybe a different story.

    Thank you Steveorevo!

    That was exactly the problem. When logged in as an administrator I can post Javascript, when logged in as a Forum Participent, it strips it out.

    I *knew* there had to be something in there to stop that.

    Again, thank you for the help, and thank you also for the quick reply.

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.