There seem so be several XSS issues still to solve. I just opened a test account and posted a widely accessible XSS string for testing purposes, which even affected the front page.
I deleted my account to remove the content but forgot to delete my account. Therefore the XSS test group is still there:
I hope you are intending to increase the security of buddypress.
You must be logged in to reply to this topic.