Skip to:
Content
Pages
Categories
Search
Top
Bottom

Disabling Java / HTML in profile fields & comments?

  • Avatar of AlxDesign
    AlxDesign
    Member

    @alxdesign

    Hello, I decided to start using MU/BuddyPress today and installed it to test a few things.

    http://designmyspace.org/mu/blog

    I had a friend who registered and tried to break the page with java / html, just to see if it could be done. He managed to link his profile to youtube, and change the color of his name, and mess up a whole lot of other things. So, my question is, how do I disable html / java in the profile fields and profile comments (since that’s where he was able to break it)? I tried to search on the forum, but couldn’t find anything.

    Another thing I noticed is that the “Site Wide Activity” icons are positioned behind the text with 960 fixed width, if I didn’t accidentally cause that myself.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Avatar of Trent Adams
    Trent Adams
    Participant

    @trent

    Best bet if you find a bug or an enhancement would be to post it on http://trac.buddypress.org with your login from these forums. It might not be known yet and the reporting might help get it fixed.

    Trent

    Avatar of AlxDesign
    AlxDesign
    Member

    @alxdesign

    Alright, thank you. I’ll report it.

    I find it strange though, since I tested to run a <script> on the buddypress demo, and it didn’t work. Are you sure there isn’t some function I’ve accidentally allowed?

    Avatar of Burt Adsit
    Burt Adsit
    Participant

    @burtadsit

    More filtering was added to xprofile fields in trunk.

Viewing 3 replies - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.