Support

Home Forums Event Espresso Premium Improve Registration form security EE4

Improve Registration form security EE4

Posted: November 17, 2014 at 3:47 pm

Viewing 1 reply thread


Adele Haswell

November 17, 2014 at 3:47 pm

Wordpress v4.0 EE4
I have been involved in a security review of the site that I am using Event Espresso on and have been made aware that the Registration form will actually accept <script> as a valid entry. Is there a way to make this more secure so that it won’t accept possibly malicious content?


Josh

  • Support Staff

    •

November 17, 2014 at 5:00 pm

Hi Adele,

The registration form inputs get completely sanitized so if someone tries to inject a script on a registration form page, their nasty script tags get stripped out.

If you are seeing something else, please by all means outline how to reproduce the issue on our private submit a security vulnerability form and we can investigate.
Viewing 1 reply thread

The support post ‘Improve Registration form security EE4’ is closed to new replies.

Have a question about this support post? Create a new support post in our support forums and include a link to this existing support post so we can help you.

Support forum for Event Espresso 3 and Event Espresso 4.
Documentation for EE3 and EE4
Documentation for Event Espresso 3 Documentation for Event Espresso 4

Status: closed

Updated by Josh 10 years ago ago

Topic Tags

Notifications

This topic is: not resolved
Event Espresso