Sanitizing comments or escaping comment_text()
I’m creating a template for comments on my WordPress site. I noticed that a simple <script>alert(1);</script> slips through the default WP codex implementation of comments, using the comment_text() function to display my comments. No bueno.