I added some potentially dangerous code to automatically turn code examples (things in <code> elements with class demo) into actual HTML or JavaScript that is added to the post. The JavaScript part works; I used it in the last post. Here's a test of the HTML insertion:


  <div style="background: purple; margin: 2px">This is a test</div>

And more testing:


  <div style="background: #080; margin: 2px">This is a test</div>
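
One way to keep this kind of demo activation away from commenter-supplied markup, as an added example rather than this blog's actual script: only `<code class="demo">` elements inside the post body are rendered, and anything under a comment container is skipped. The selectors `.entry-content`, `#comments` and `.comment` and the `js` class marker are assumptions about the theme and markup.

```javascript
// Added example. POST_BODY, COMMENT_AREA and the "js" class are assumed
// names, not taken from the original post.
const POST_BODY = ".entry-content";
const COMMENT_AREA = "#comments, .comment";

// A demo block is trusted only if it sits inside the author-written post
// body and has no comment container anywhere among its ancestors.
function isTrustedDemo(codeEl) {
  return codeEl.closest(POST_BODY) !== null &&
         codeEl.closest(COMMENT_AREA) === null;
}

// Render one trusted block next to its source listing.
function renderDemo(doc, codeEl) {
  const out = doc.createElement("div");
  out.className = "demo-output";
  if (codeEl.classList.contains("js")) {
    // Scripts set via innerHTML never execute, so build a real <script>.
    const script = doc.createElement("script");
    script.textContent = codeEl.textContent;
    out.appendChild(script);
  } else {
    // textContent is the decoded markup the author typed inside <code>.
    out.innerHTML = codeEl.textContent;
  }
  codeEl.after(out);
  return out;
}

// Activate every trusted demo; return the skipped ones so they can be logged.
function activateDemos(doc) {
  const result = { activated: [], skipped: [] };
  for (const codeEl of doc.querySelectorAll("code.demo")) {
    if (isTrustedDemo(codeEl)) {
      renderDemo(doc, codeEl);
      result.activated.push(codeEl);
    } else {
      result.skipped.push(codeEl);
    }
  }
  return result;
}

// In a browser, run once the page has been parsed.
if (typeof document !== "undefined") {
  document.addEventListener("DOMContentLoaded", () => activateDemos(document));
}
```

Scoping by ancestor is a second layer only; the comment form should still strip or escape `class` attributes and markup on the server.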

One Comment

  1. Danny says:


    <div style="border: 5px solid blue">Trying XSS by inserting in comments should fail</div>
