Comments (3)
from elementor.
@79ho3ein this is not the place to submit security reports.
Please use the bounty program.
from elementor.
Hello @79ho3ein,
after further investigation we concluded this is neither a security issue, nor something caused by Elementor.
For compatibility reasons, Elementor Pro's Post Comments widget utilizes the same methods any Theme would use to display comments on a document. These methods follow WordPress Coding Standards (WPCS) and use the built-in comments_template() function (see documentation here), which in turn uses the wp_list_comments() function (see documentation here) to render the HTML for each comment.
Since this is part of WordPress Core, it's safe to conclude it does not pose a threat to security, otherwise it would have been long patched by WordPress.
From the code in the ../wp-includes/comment-template.php file (used by wp_list_comments()), more specifically on line 525, you can see that class fetches the $user->nicename which is what you saw in the CSS of the Post Comments widget.
If you are concerned about what classes are added to the comments, you can use the filter add_filter('comment_class') to change the output of comment classes. You can learn more about this filter in this link: https://developer.wordpress.org/reference/hooks/comment_class/.
To avoid compatibility issues, Elementor won't change the output of these classes.
I hope this clarifies your concerns.
Kind regards.
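One way to apply the comment_class filter mentioned in the reply above, as an added example that is not part of the original thread or of Elementor's code. It drops the class that core builds from the commenter's user nicename; the function name is hypothetical, and the sample class list is constructed.

```php
<?php
/**
 * Added example: remove the "comment-author-<nicename>" class that
 * get_comment_class() adds for comments written by registered users,
 * so the login-derived nicename is not printed in comment markup.
 * The function name is hypothetical.
 */
function example_strip_comment_author_class( $classes ) {
    $kept = array();
    foreach ( (array) $classes as $class ) {
        // Core builds this class as
        // 'comment-author-' . sanitize_html_class( $user->user_nicename, ... ).
        if ( 0 === strpos( $class, 'comment-author-' ) ) {
            continue;
        }
        // Generic classes such as "byuser" or "bypostauthor" carry no
        // account name and are kept so theme styling still works.
        $kept[] = $class;
    }
    return $kept;
}

if ( function_exists( 'add_filter' ) ) {
    // Inside WordPress: the filter passes the class array as its first argument.
    add_filter( 'comment_class', 'example_strip_comment_author_class' );
} else {
    // Outside WordPress (php example.php): run on a constructed class list.
    $sample = array(
        'comment',
        'byuser',
        'comment-author-jane-doe', // constructed nicename
        'bypostauthor',
        'even',
        'depth-1',
    );
    echo implode( ' ', example_strip_comment_author_class( $sample ) ), PHP_EOL;
}
```

Any theme or custom CSS that targets a specific comment-author-* class stops matching once this filter is active.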