Security threat, scripts allowed in ad content even with HTML disabled
With HTML disabled for listings, when a user posts and ad, they can enter both HTML AND SCRIPTS into the content box, and when they go to the next page "Review Your Listing" the HTML will show AND the scripts will be executed!! Even though the html and scripts will be stripped out if the ad gets approved, this is still a major security issue!
Since it seems that there isn't much actual support here for paying customers, I will edit the template for the Review Your Listing page to strip out all HTML and scripts before displaying it on the screen, but this issued should be addressed immediately!
Reply With Quote
You must be an AppThemes customer and logged in to view this response.