Improve HTML sanitization of Newswire items #20

Open
opened 2021-01-11 18:15:35 +00:00 by cbabcock · 1 comment

I'm reasonably sure this isn't a duplication of Issue #16.

A Mastodon item appears in the Newswire section, so it's clearly been federated. No content appears until it's activated by mousing over its contents. When it does appear, it contains HTML tags.

There's broken HTML there, so the most likely problem is a broken HTML sanitizer.

OMN added the bug label 2021-01-11 18:41:21 +00:00

As of commit 3c1314d4b4 I've removed html markup from feed descriptions, so this should no longer be a problem. Trying to sanitize RSS feed descriptions probably isn't worth it, and these days the more mainstream news sites may fill them with tracker links or javascript stuff.

Feeds coming from Mastodon instances in theory should be better, because Mastodon only uses a limited subset of html, but it's probably better not to make any assumptions.
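
An added example, not part of the thread and not the code from the commit mentioned above: one way to remove all markup from a feed description with Python's standard library instead of trying to sanitize it. The function names are hypothetical, and the output is still escaped before display because entity-encoded tags decode back into literal `<` and `>`.

```python
import html
from html.parser import HTMLParser

# Elements whose content is code or styling, never readable text.
_DROP_CONTENT = {"script", "style"}
# Tags replaced by a space so adjacent words do not run together.
_BREAKING = {"p", "br", "div", "li"}


class _TextOnly(HTMLParser):
    """Collects text nodes and discards every tag and attribute."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self._parts = []
        self._skip_depth = 0

    def handle_starttag(self, tag, attrs):
        if tag in _DROP_CONTENT:
            self._skip_depth += 1
        elif tag in _BREAKING:
            self._parts.append(" ")

    def handle_endtag(self, tag):
        if tag in _DROP_CONTENT and self._skip_depth:
            self._skip_depth -= 1
        elif tag in _BREAKING:
            self._parts.append(" ")

    def handle_data(self, data):
        if not self._skip_depth:
            self._parts.append(data)

    def text(self):
        # Collapse runs of whitespace left behind by removed tags.
        return " ".join("".join(self._parts).split())


def feed_description_to_text(description: str) -> str:
    """Return the description as plain text with no markup (hypothetical helper)."""
    parser = _TextOnly()
    parser.feed(description)
    parser.close()
    return parser.text()


def render_description(description: str) -> str:
    """Strip markup, then escape the result for insertion into a page."""
    return html.escape(feed_description_to_text(description), quote=True)
```
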

Reference: indymedia/epicyon#20