This is why WordPress.com strips Javascript from posts. The potential for devilment is limitless without filtering!
Holy Shmoly!
Look what I found today!
This is why WordPress.com strips Javascript from posts. The potential for devilment is limitless without filtering!
Holy Shmoly! is Stephen Fry proof thanks to caching by WP Super Cache
The potential for devilment is pretty high even with filtering, it seems: MySpace are also pretty vigorous in removing Javascript from any text entered by the user. It’s worth reading the description of how the specific exploit was done over here: http://namb.la/popular/tech.html and asking yourself if something like that could get past your own (or Worpress’) filters.
Thanks Dotan, that made for a scary read!
holy pj i fucking adore u