Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clean HTML in feeds of "dangerous" tags (#645) #648

Closed
wants to merge 6 commits into from
Closed

Conversation

@ralsina
Copy link
Member

ralsina commented Sep 2, 2013

No description provided.

@arusahni
Copy link
Contributor

arusahni commented Sep 3, 2013

Just ran it against my code. The output looks fine. 👍

That being said, YouTube videos, on account of them using iframes, are stripped out. I understand there are security concerns for having embeds and iframes in the feed, but is there any way to have it fall back to using some placeholder text so readers know there is something there? I'm using the ReStructured Text directive.

@ralsina
Copy link
Member Author

ralsina commented Sep 3, 2013

@arusahni that makes sense. I am moving this into the v6.1 so we can think it further.

@arusahni

This comment has been minimized.

Copy link
Contributor

arusahni commented on nikola/utils.py in f130540 Oct 12, 2013

To address my concerns, maybe it would be sufficient to display a message at the beginning of the RSS post saying something along the lines of "Certain content from this post cannot be viewed via RSS. Please visit the original post to see the article in its entirety." One could append it when the length of the _clean_html input is longer than the length of the output...

@Kwpolska
Copy link
Member

Kwpolska commented Feb 23, 2014

What is the status of this?

@ralsina
Copy link
Member Author

ralsina commented Feb 23, 2014

Well. I am not sure it's a good idea to do it or not.

@Kwpolska
Copy link
Member

Kwpolska commented Feb 23, 2014

IMO it is, provided that you do what @arusahni suggested: prepend a warning, and possibly even replace all the dangerous things with another warning.

@ralsina ralsina modified the milestones: v6.5.0, v6.4.0 Feb 26, 2014
@da2x
Copy link
Contributor

da2x commented Mar 12, 2014

Is this still needed with the new RSS_PLAIN option?

@ralsina
Copy link
Member Author

ralsina commented Mar 12, 2014

I'd say yes, this would allow a HTML feed, with formatting, but without the "forbidden" elements.

@ralsina ralsina modified the milestones: v7.0.0, v6.5.0 Mar 22, 2014
@ralsina ralsina modified the milestones: v7.1.0, v7.0.0 Apr 20, 2014
@Kwpolska Kwpolska force-pushed the master branch from 3549ebe to b1c16b0 Oct 29, 2014
@Kwpolska Kwpolska modified the milestones: v7.2.0, v7.3.0 Nov 2, 2014
@Kwpolska Kwpolska force-pushed the master branch from fefe9b6 to 1ee0ed7 Nov 3, 2014
@ralsina ralsina modified the milestones: v8.0.0, v7.3.0 Jan 13, 2015
@ralsina
Copy link
Member Author

ralsina commented Jun 5, 2015

This is clearly not happening.

@ralsina ralsina closed this Jun 5, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

4 participants
You can’t perform that action at this time.