When it comes to cross-site scripting in WordPress, I think that there’s a lot of education still to be had.
I’m by no means an expert in this field, but I think that there’s either a lack of awareness or we take for granted what WordPress does for us.
Generally speaking, WordPress does an excellent job of providing sanitization and validation functions (assuming that we use them correctly), but that doesn’t mean there aren’t potential exploits.
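To make the "assuming that we use them correctly" point concrete, here is an added example (not code from the original post or from WordPress itself): a plugin fragment that echoes a search term, first without escaping and then with WordPress's own escaping functions chosen by output context. The names esc_html, esc_attr and sanitize_text_field are real WordPress APIs; the fallback definitions are simplified stand-ins I added so the file runs outside WordPress, and they are not the real implementations.

```php
<?php
// Added example, not from the original post. Demonstrates "sanitize early,
// escape late" with WordPress's escaping functions, in a plugin-style snippet.
//
// The stand-ins below are simplified approximations (assumption: not the
// real WordPress implementations) so this file runs stand-alone.
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}
if ( ! function_exists( 'sanitize_text_field' ) ) {
    function sanitize_text_field( $str ) {
        // Strip tags and control characters, trim whitespace (approximation).
        $str = strip_tags( (string) $str );
        $str = preg_replace( '/[\x00-\x1F\x7F]/', '', $str );
        return trim( $str );
    }
}

// Vulnerable pattern: user-controlled input is written straight into the
// HTML body and into an attribute value with no escaping at all.
function render_search_unsafe( $term ) {
    return '<p>Results for: ' . $term . '</p>'
         . '<input type="text" name="s" value="' . $term . '">';
}

// Hardened pattern: sanitize the value when it arrives, then escape it at
// output time with the function that matches the context it lands in.
function render_search_safe( $raw_term ) {
    $term = sanitize_text_field( $raw_term );               // input: normalise
    return '<p>Results for: ' . esc_html( $term ) . '</p>'  // HTML body context
         . '<input type="text" name="s" value="' . esc_attr( $term ) . '">'; // attribute context
}

// Constructed sample input: a harmless probe of the kind a reviewer feeds a
// form to see whether quotes and angle brackets survive into the page.
$probe = '"><b>x</b>';

echo "UNSAFE output (attribute is broken out of, tags survive):\n";
echo render_search_unsafe( $probe ) . "\n\n";
echo "SAFE output (everything rendered as inert text):\n";
echo render_search_safe( $probe ) . "\n";
```

The point a code review should check is the second function: each echo site uses the escaper for its context (esc_html for text between tags, esc_attr inside a quoted attribute, esc_url for href and src), rather than relying on one sanitization pass at input to cover every place the value is later printed.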
In my latest series on Envato, I give a two-part introduction to cross-site scripting in WordPress and practical tips for how we can test our themes and our plugins.
Practical Tips For Cross-Site Scripting in WordPress
The series consists of two articles both of which are geared towards those who are absolute beginners when it comes to cross-site scripting (let alone cross-site scripting in WordPress).
- What Is XSS? The first article in the series provides a general overview of the topic as well as an introduction to topics such as script injection, the same-origin policy, and why testing for XSS is important.
- Practical Tips For Securing Your Site. This article provides some practical things that you can do to test your work, as well as a set of rich resources to use as references when testing not only your WordPress-based site but your other web applications, too.
Ultimately, this is a topic that I’d love to see discussed even more, especially because I’m new to it as well – there’s always something to learn from others, right?