
What is Cross-Site Scripting?

Cross-Site Scripting (XSS) is a type of computer security vulnerability in which malicious users might inject malicious code into the comments. The WPBakery Visual Composer plugin, however, has an additional setting that can be enabled to sanitise and escape the output of a posted comment before it is sent back to the user. This setting is called WPBakery Safe Draggable Comments and can be enabled by going to Settings > WPBakery Visual Composer > Comment Options. When it is enabled, any user input is sanitised and escaped before being output in a comment, which helps to prevent Cross-Site Scripting issues when posting comments.

WPBakery Visual Composer - Dashboard Settings

The WPBakery Visual Composer plugin has a setting called WPBakery Safe Draggable Comments. This setting can be enabled to help prevent Cross-Site Scripting issues when posting comments.
To enable this setting, go to Settings > WPBakery Visual Composer > Comment Options. From the drop-down menu, select the option "Sanitise and Escape Output For All Posts."
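
What "sanitise and escape before output" means for a comment, shown as an added example in plain PHP. This is not code from the WPBakery plugin or from WordPress; the function names and the sample comment are made up for illustration.

```php
<?php
// Added illustration; not WPBakery or WordPress code. All names are hypothetical.

// Sanitise: clean the stored text (control characters, whitespace, length).
function sanitise_comment(string $raw, int $maxBytes = 2000): string
{
    // Byte-level match is UTF-8 safe: multibyte sequences only use bytes >= 0x80.
    $clean = (string) preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $raw);
    // A cut through a multibyte character is repaired by ENT_SUBSTITUTE below.
    return substr(trim($clean), 0, $maxBytes);
}

// Escape: encode for the HTML context at output time.
function escape_html(string $text): string
{
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 instead of returning an empty string.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// 'Before': the stored comment is concatenated into the page as-is,
// so any markup in it is parsed by the visitor's browser.
function render_comment_unsafe(string $body): string
{
    return '<p class="comment">' . $body . '</p>';
}

// 'After': sanitise, then escape, then add only markup the page itself controls.
function render_comment_safe(string $body): string
{
    $text = escape_html(sanitise_comment($body));
    return '<p class="comment">' . nl2br($text, false) . '</p>';
}

// Constructed sample comment containing markup and special characters.
$comment = "Nice post!\n<script>alert(1)</script> & \"thanks\"";

echo render_comment_unsafe($comment), PHP_EOL;
echo render_comment_safe($comment), PHP_EOL;
```

In the second line of output the comment's angle brackets, ampersand and quotes appear as HTML entities, so the browser displays them as text instead of interpreting them.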

Timeline

Published on: 11/14/2022 15:15:00 UTC
Last modified on: 11/16/2022 19:06:00 UTC

References