the user cannot inject html nor java into the input, infact i am aware of the security measure in creating an ajax app and cross site scripting, thats why, i interact with only the tables i need and using prepare function for wordpress to prevent such attacks on the database, if you were able to inject it, that means you are able to inject any plugin that uses wordpress ajax functionality
i would love to know how you did it, if you really did that
cheers
Hi n-for-all,
Thank you for your response, I dont have the background for it, but someone sent me a message stating that there is an issue and wrote me some code to tested such <script> alert (document.cookie); </ script> ??
I dont know what he mean, but if there is no issue, can you disable this feature? like using htmlspecialchars OR something ?
Regards
Hi,
A friend told me that there is no problem as you mentioned it to me and only its just print the code with no inject or any security issue.
Thank you and I apologize for any misunderstanding.
Ok great, thank you for clarifying that
