How do I protect a WordPress comment form from running scripts?
We recently developed a custom theme for our WordPress website,
and I used the native WordPress comment system, with the code shown below.
The question is: how do we protect the comment form from XSS attacks? Scripts such as <script>alert('hi');</script>
seem to run only on the comment form.
Any ideas?
Thanks.
<section>
<main>
<div class="comment-area">
<h2 class="comment-title -pb-20">
number of comments: <span><?php echo get_comments_number(); ?></span>
</h2>
<div class="comment-form">
<h3>Insert your comment here please.</h3>
<?php
$arg = array(
'title_reply' => '',
'comment_notes_before' => '',
'label_submit' => 'submit',
);
comment_form($arg);
?>
</div>
<?php if (have_comments()) : ?>
<div class="comment-list">
<h1>all comments</h1>
<ul>
<?php
$args = array(
'style' => 'ul',
'callback' => null,
'end-callback' => null,
'type' => 'comment',
'reply_text' => 'reply',
'page' => '',
'per_page' => '',
'avatar_size' => 32,
'reverse_top_level' => true,
'reverse_children' => '',
'format' => 'html5',
'echo' => true,
);
wp_list_comments($args);
?>
</ul>
</div>
<div class="comments-pagination">
<?php if(get_comment_pages_count() > 1 && get_option('page_comments')) : ?>
<div>
<?php previous_comments_link('prev'); ?>
</div>
<div>
<?php next_comments_link('next'); ?>
</div>
<?php endif; ?>
</div><!-- .comments-pagination -->
<?php endif; ?>
</div>
</main>
</section>
// Filter applied to each comment body just before it is rendered.
// sanitize_text_field() strips every HTML tag, removes line breaks and collapses extra whitespace.
add_filter( 'comment_text', 'sanitize_comment' );
function sanitize_comment( $comment_text ) {
$comment_text = sanitize_text_field($comment_text);
return $comment_text;
}
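A defence-in-depth variant of the filter in the post, as an added example that is not part of the original question: it keeps a small allow-list of comment HTML but applies it both at save time (`pre_comment_content`) and at render time (`comment_text`, after `wpautop` has run), so a `<script>` tag is dropped whichever way a comment reached the database. The function names `theme_allowed_comment_html`, `theme_filter_comment_on_save` and `theme_filter_comment_on_output` are my own, and the snippet assumes it is placed in the active theme's functions.php.

```php
<?php
// Added example: allow-list filtering of comment HTML on save and on output.
// Assumed placement: the active theme's functions.php (hypothetical).

/**
 * The only tags and attributes a commenter may use. Anything not listed
 * (script, iframe, style, on* event handlers, ...) is removed by wp_kses(),
 * and wp_kses() also rejects href values that use a protocol outside
 * WordPress's allowed list, such as javascript:.
 */
function theme_allowed_comment_html() {
    return array(
        'a'          => array( 'href' => true, 'title' => true, 'rel' => true ),
        'abbr'       => array( 'title' => true ),
        'b'          => array(),
        'blockquote' => array( 'cite' => true ),
        'br'         => array(),
        'code'       => array(),
        'em'         => array(),
        'i'          => array(),
        'p'          => array(),
        'strong'     => array(),
    );
}

/**
 * Save time: filter the submitted comment body before it is stored.
 * Core applies wp_filter_kses() on this hook for most users, but removes it
 * for users who hold the unfiltered_html capability (administrators on a
 * single-site install). Hooking it ourselves makes the allow-list explicit
 * and independent of who posted the comment.
 */
function theme_filter_comment_on_save( $content ) {
    return wp_kses( $content, theme_allowed_comment_html() );
}
add_filter( 'pre_comment_content', 'theme_filter_comment_on_save', 20 );

/**
 * Render time: filter again just before output. Priority 40 runs after
 * wpautop() (priority 30), so the <p> tags it adds survive the allow-list,
 * while any markup that slipped into the database is still stripped.
 */
function theme_filter_comment_on_output( $comment_text ) {
    return wp_kses( $comment_text, theme_allowed_comment_html() );
}
add_filter( 'comment_text', 'theme_filter_comment_on_output', 40 );
```

Unlike sanitize_text_field(), which strips every tag including the paragraphs wpautop() inserts, wp_kses() keeps the listed formatting and drops only what the allow-list does not cover. A test comment posted while logged in as an administrator is exactly the case where core's own save-time filter is skipped, which is worth checking when a script tag appears to get through.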