I'm no PHP guru, so I might be completely off on this, but I was wondering if there was a way to use some of the functionality of the template tag "get_page_clean_title()" to strip out any HTML the user might input into the comment text-area. As it stands, the user can pretty much run rampant with HTML in their comments.
Another, perhaps more desirable function would be to restrict the user to certain kinds of HTML. Like, say, paragraphs and links only. Just a thought. I'm a little worried about someone writing a comment that completely destroys my page.
I just tested this with a comment that started like this:
Code:
</form>
<div style="
width: 1600px;
height: 1000px;
position: absolute;
z-index: 9999;
top: 0px;
left: 0px;
background-color: white
">I can pretty much put anything in here and completely take over this pages display! :(
</div>
This actually worked. I really don't want any spammers or hackers to kill my pages, and honestly there's a decent chance that if it's possible... someone's going to do it.
Anything I can do to avoid this and still have comments?
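
One way to implement the restriction asked about above (paragraphs and links only), as an added example that is not part of the original post or the CMS's own code: parse the comment and rebuild it from an allowlist, so attributes such as style never reach the page. The function names are hypothetical and the sample comment is constructed.

```php
<?php
// Added example: allowlist sanitizer for comment HTML (hypothetical helper names).
// Rebuilds the markup so only <p> and <a href="http(s)://..."> survive.
function sanitize_comment_node(DOMNode $node): string
{
    if ($node instanceof DOMText) {
        return htmlspecialchars($node->nodeValue, ENT_QUOTES, 'UTF-8');
    }
    $tag = strtolower($node->nodeName);
    if (!($node instanceof DOMElement) || $tag === 'script' || $tag === 'style') {
        return ''; // HTML comments, scripts and style blocks are dropped entirely
    }
    $inner = '';
    foreach ($node->childNodes as $child) {
        $inner .= sanitize_comment_node($child);
    }
    if ($tag === 'p') {
        return '<p>' . $inner . '</p>'; // every attribute (style, on*) is discarded
    }
    if ($tag === 'a') {
        $href = trim($node->getAttribute('href'));
        if (preg_match('#^https?://#i', $href)) { // only web links, no other schemes
            return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8')
                 . '" rel="nofollow noopener">' . $inner . '</a>';
        }
    }
    return $inner; // disallowed element: keep its escaped text, drop the tag
}

function sanitize_comment(string $html): string
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true); // tolerate broken markup quietly
    $doc->loadHTML('<?xml encoding="UTF-8">' . $html, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $body = $doc->getElementsByTagName('body')->item(0);
    $out = '';
    if ($body !== null) { // empty input produces no body element
        foreach ($body->childNodes as $child) {
            $out .= sanitize_comment_node($child);
        }
    }
    return $out;
}

// Constructed sample: stray closing tag, styled div, event handler, non-http link.
$sample = '</form><div style="position:absolute;z-index:9999">takeover</div>'
        . '<p onclick="x()">Hi <a href="https://example.com/">site</a> '
        . '<a href="javascript:alert(1)">bad</a></p>';
echo sanitize_comment($sample), "\n";
```

Run it on the comment text before it is stored or rendered. PHP's strip_tags() with an allowed-tags list is not a substitute, because it leaves the attributes on the allowed tags intact.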