2 thoughts on “XSS and WordPress Themes”

  1. strip_tags() seems a bit harsh. Maybe htmlentities() would be nicer?

    Grepping the theme I use, WP seems to have a wp_specialchars() function of its own. I didn’t look at exactly how it does what it does, but that would unify all HTML output filtering through a single place.
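To make the trade-off in that comment concrete, here is an added example (not from the post or the commenter) that runs strip_tags() and entity encoding side by side on the same constructed input. It uses PHP's own htmlspecialchars() in place of wp_specialchars() so it runs outside WordPress; the sample strings are made up for illustration.

```php
<?php
// Added example: compares the two output filters discussed in the comment.
// Assumes PHP 5.4+ (ENT_HTML5 flag). Sample inputs are constructed.

function filter_with_strip_tags(string $untrusted): string {
    // Deletes anything that looks like a tag. Side effects: an unclosed '<'
    // is treated as the start of a tag and everything after it is discarded,
    // and text with no '<' at all passes through untouched, which does
    // nothing for a value echoed inside an HTML attribute.
    return strip_tags($untrusted);
}

function filter_with_entities(string $untrusted): string {
    // Encodes the characters the HTML parser cares about instead of deleting
    // them: < > & " ' become entities, so the browser renders the text
    // verbatim and never interprets it as markup or attribute syntax.
    return htmlspecialchars($untrusted, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed comment bodies, as a theme might echo them into a page.
$samples = [
    'Check that x<y before saving',                   // legitimate '<' in prose
    '<b>bold</b> and <a href="http://example.com">a link</a>',
    'Trailing quote: " onmouseover="alert(1)',        // no tag, so strip_tags keeps it
];

foreach ($samples as $s) {
    echo "input:      ", $s, PHP_EOL;
    echo "strip_tags: ", filter_with_strip_tags($s), PHP_EOL;
    echo "entities:   ", filter_with_entities($s), PHP_EOL, PHP_EOL;
}
```

The first sample shows strip_tags() silently truncating ordinary text, the third shows it leaving an attribute-context payload intact; entity encoding handles both without losing content.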
