Thursday, September 09, 2004

Wicked Comments and WordPress

Filed under: Uncategorized — Carthik @ 7:21 pm

I received a comment with the following in its body:
<meta HTTP-EQUIV="REFRESH" CONTENT="10;URL=http://www.----.---"> coool</meta>

This is an obvious attempt to force the page to reload after 10 seconds and show the intended URI instead (which I blanked out above).

WordPress displayed “<p>coool</p>” and that’s the end of the matter.

Just one of the few reasons why the HTML allowed in the comments in WordPress blogs is restricted to a few HTML tags. I love it when things work silently in the background, protecting us from stupid evil people.
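
The tag restriction described above, sketched as an added example (not part of the original post, and not WordPress's own code): a comment is rebuilt from an allowlist of tags and attributes, so a meta refresh never reaches the page while its text does. The allowlist contents, the function names and the example.invalid URL are assumptions, and the paragraph wrapping WordPress adds is not reproduced.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed allowlist (an assumption, not WordPress's list): tag -> allowed attributes.
ALLOWED = {"a": {"href", "title"}, "b": set(), "i": set(), "em": set(),
           "strong": set(), "code": set(), "blockquote": {"cite"}}
URL_ATTRS = {"href", "cite"}
SAFE_SCHEMES = {"http", "https", "mailto"}  # absolute URLs only


def safe_url(value):
    try:
        return urlsplit(value.strip()).scheme.lower() in SAFE_SCHEMES
    except ValueError:  # malformed URL: treat as unsafe
        return False


class CommentFilter(HTMLParser):
    """Rebuild a comment from allowlisted tags; all other markup is dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return  # meta, script, iframe, object ... never reach the output
        kept = [f' {n}="{escape(v or "", quote=True)}"' for n, v in attrs
                if n in ALLOWED[tag] and (n not in URL_ATTRS or safe_url(v or ""))]
        self.out.append(f"<{tag}{''.join(kept)}>")
        self.open.append(tag)

    def handle_endtag(self, tag):
        if tag in self.open:  # emit only closers that match an emitted opener
            self.open.remove(tag)
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))  # text is kept, re-escaped


def sanitize_comment(html_text):
    parser = CommentFilter()
    parser.feed(html_text)
    parser.close()  # flush buffered text
    closers = "".join(f"</{t}>" for t in reversed(parser.open))
    return "".join(parser.out).strip() + closers
```

Because the output is built only from what the allowlist names, a tag nobody anticipated is dropped by default rather than needing its own rule.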


  1. [...] s won’t allow superscript tags in comments, but its restrictions also have benefits. Here’s an example where a blog spammer tried to use an HTTP tag to ma [...]

    Pingback by Charles on... anything that comes along » Spam me not, nor try to — 9/10/2004 @ 7:26 am

  2. Incredible the lengths spammers will go to.

    Glad it just works.

    Comment by Joen — 9/10/2004 @ 3:29 am

  3. Most systems that allow HTML input from users will ignore meta tags, along with tags like object, embed, applet, iframe, script, and frameset to stop abuse.

    Still, never seen meta used before. If I get some free time I might put together a test case to see what browsers would actually process a meta tag in the body of a page.

    Comment by Neil T. — 9/10/2004 @ 5:52 am

  4. That’s the first time I’ve seen a meta used to spam. I’m glad that WP has been good to me regarding catching spam comments.

    Comment by Ria — 9/10/2004 @ 2:28 pm

  5. I tried to put the above meta header in the body of a document. All of Opera 7.54, IE6 and Firefox 0.93 for Windows reloaded.

    Comment by Albert — 9/11/2004 @ 12:52 pm

  6. stupid spammers…

    Comment by Sushubh — 9/12/2004 @ 5:46 pm

  7. I’ve seen this used back around 1998 or so, it’s not a new one…

    Comment by Pete Prodoehl — 9/13/2004 @ 12:53 pm

  8. You really have to wonder at the incentive for all this spamming stuff. The motivation behind the spammers, yadda yadda…guess it’s a sign of desperation from them (spammers) *sigh*

    Comment by Brad — 9/18/2004 @ 6:45 am

