Index: openacs-4/packages/general-comments/www/comment-add-2.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/general-comments/www/comment-add-2.tcl,v
diff -u -r1.8.2.6 -r1.8.2.7
--- openacs-4/packages/general-comments/www/comment-add-2.tcl	23 Mar 2023 15:41:37 -0000	1.8.2.6
+++ openacs-4/packages/general-comments/www/comment-add-2.tcl	24 Apr 2024 10:25:46 -0000	1.8.2.7
@@ -28,8 +28,17 @@
     category:onevalue
     return_url:onevalue
 } -validate {
-    no_js_in_content {
+    safe_content {
         #
+        # We do not allow iframes in the content.
+        #
+        if {[regexp -nocase {<(iframe|frame)} $content]} {
+            ad_complain [_ acs-tcl.lt_name_contains_invalid \
+                             [list name [_ general-comments.Comment]]]
+            return
+        }
+
+        #
         # We do not allow any javascript in the content, including
         # event handlers.
         #
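Review bot: The added pattern in `regexp -nocase {<(iframe|frame)} $content` refuses only frame elements, so other elements that embed external documents, such as `<object>` and `<embed>`, are not covered by this check. Whether the markup check further down in `safe_content` already rejects them cannot be seen from this hunk, because the block continues outside it. If it does not, widening the alternation to `{<(i?frame|object|embed)}` would keep the two checks aligned. The comment would also be more useful if it stated the reason, for example `# Frames embed third-party pages in the comment; reject them before the markup check below.` The rename from `no_js_in_content` to `safe_content` is worth checking against any `-errors` entries or callers that refer to the old validator name.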
@@ -42,6 +51,7 @@
                   -validate]} {
             ad_complain [_ acs-tcl.lt_name_contains_invalid \
                              [list name [_ general-comments.Comment]]]
+            return
         }
     }
 }