如何保护 wordpress 评论表单免受运行脚本的影响?

how protect wordpress comment form from runnig scripts?

最近我们为我们的 Wordpress 网站开发了一个自定义主题, 我使用了本地评论 Wordpress 系统,代码如下所示。 问题是我们如何保护评论表单免受 xss 攻击? <script>alert('hi');</script> 之类的脚本似乎只在评论表单上运行。 有什么想法吗?

谢谢。

<section>
    <main>
        <div class="comment-area">

            <h2 class="comment-title -pb-20">
            number of comments:  <span><?php echo get_comments_number(); ?></span>           
            </h2>     
                

            <div  class="comment-form">
                <h3>Insert you comment here please.</h3>
                <?php 
                    $arg = array(
                        'title_reply'          => '',
                        'comment_notes_before' => '',
                        'label_submit'         => 'submmit',
                        
                    );
                    comment_form($arg);  
                ?>
            </div>

           <?php if (have_comments()) : ?>
                <div class="comment-list">
                    <h1>all comments</h1>  
                    <ul>
                        <?php

                            $args = array(
                                'style'             => 'ul',
                                'callback'          => null,
                                'end-callback'      => null,
                                'type'              => 'comment',
                                'reply_text'        => 'reply',
                                'page'              => '',
                                'per_page'          => '',
                                'avatar_size'       => 32,
                                'reverse_top_level' => true,    
                                'reverse_children'  => '',
                                'format'            => 'html5',
                                'echo'              => true,
                            ); 


                            wp_list_comments($args);
                        ?>
                    </ul> 
                </div>

                <div class="comments-pagination">
                    <?php if(get_comment_pages_count() > 1  &&  get_option('page_comments')) : ?>
                    <div>
                        <?php previous_comments_link('prev');  ?>
                    </div> 
                    <div>
                        <?php next_comments_link('next');  ?>
                    </div> 
                    <?php  endif; ?>
                    
                </div><!-- .comments-pagination -->


            <?php endif; ?>


        </div>
    </main>
</section>

add_filter( 'comment_text', 'sanitize_comment' );
function sanitize_comment( $comment_text ) {
    $comment_text = sanitize_text_field($comment_text);
    return $comment_text;
}