Hello
WordPress comments are allowing all HTML tags, including the <script> tag, and this is very vulnerable to XSS attacks.
We normally use the wp_list_comments function to list out all comments, and according to the WordPress unit test data we need to allow almost all tags in the comments (e.g. http://wptest.io/demo/comments/comment-page-1/#comments).
It also runs JavaScript code; isn't that dangerous?
Any suggestions regarding this?