How do I secure the WordPress comment form in a custom theme?

Question

How can the comment form in WordPress be secured against XSS attacks?
We recently built a custom theme for our WordPress website, and I used the following code for the comments section.
The main problem is that when I enter code like <script>alert('hi');</script> in the comment textarea, it shows a JS popup. How can I sanitize the inputs in the comment code?

Thanks

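<?php
/**
 * Comments template for the custom theme.
 *
 * Renders the comment count, the submission form, the list of existing
 * comments and (when comments are paged) the prev/next links.
 *
 * Escaping: this file never prints comment text itself. The form is
 * rendered by comment_form() and each comment by wp_list_comments();
 * the only value echoed directly here is the comment count, which is
 * passed through esc_html() as a matter of course.
 *
 * NOTE(review): if a <script> tag typed into the textarea executes when
 * the comment is displayed, check which account submitted it. WordPress
 * core filters comment HTML on save for ordinary users but keeps it for
 * accounts holding the `unfiltered_html` capability (administrators by
 * default), so testing while logged in as an admin will show the popup —
 * confirm against the account used for the test.
 *
 * TODO: wrap the hard-coded labels in __() with the theme's text domain.
 */

// Do not reveal comments on a password-protected post until the visitor
// has supplied the password.
if (post_password_required()) {
    return;
}

// Arguments for comment_form(); keys are the WordPress defaults.
$form_args = [
    'title_reply'          => '',
    'comment_notes_before' => '',
    'label_submit'         => 'Submit', // fixed typo: was "submmit"
];

// Arguments for wp_list_comments(). Empty strings and null let WordPress
// fall back to its default for that key.
$list_args = [
    'style'             => 'ul',
    'callback'          => null,
    'end-callback'      => null,
    'type'              => 'comment',
    'reply_text'        => 'reply',
    'page'              => '',
    'per_page'          => '',
    'avatar_size'       => 32,
    'reverse_top_level' => true, // newest top-level comments first
    'reverse_children'  => '',
    'format'            => 'html5',
    'echo'              => true,
];
?>

<section>
    <main>
        <div class="comment-area">

            <h2 class="comment-title -pb-20">
                number of comments: <span><?php echo esc_html(get_comments_number()); ?></span>
            </h2>

            <div class="comment-form">
                <h3>Insert your comment here please.</h3>
                <?php comment_form($form_args); ?>
            </div>

            <?php if (have_comments()) : ?>
                <div class="comment-list">
                    <h1>all comments</h1>
                    <ul>
                        <?php wp_list_comments($list_args); ?>
                    </ul>
                </div>

                <div class="comments-pagination">
                    <?php if (get_comment_pages_count() > 1 && get_option('page_comments')) : ?>
                    <div>
                        <?php previous_comments_link('prev'); ?>
                    </div>
                    <div>
                        <?php next_comments_link('next'); ?>
                    </div>
                    <?php endif; ?>
                </div><!-- .comments-pagination -->
            <?php endif; ?>

        </div>
    </main>
</section>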
