Re: [syndication] Re: Ads in RSS
Julian Bond writes:
> If this gets bad, I'd suggest that the RSS viewers start putting an
> image filter switch on their display. In fact it might be a good idea to
> do this now, to pre-emptively stop this sort of abuse.
Wait a minute, is anyone who's using RSS feeds passing the text
unchanged to an HTML control? Bad idea. Bad, bad idea. Passing
unescaped text to an HTML control is like running executable code from
unverified sources.
I assume that anything coming through an RSS feed will be un-marked-up
text, so I escape it before it goes out to anything that might try to
interpret it. Thus any attempt to embed HTML tags will end up with
something akin to:
&lt;img ...&gt;
And the user will see
<img ...>
Rather than actually displaying an image.
If enough viewer writers adopt this attitude then it's a moot point,
because people who try to embed images will just look stupid. But it's
also just a good idea lest we end up with people embedding <font> and
<color> tags, or even putting entries inside tables with background
images and the whole freakin' bit.
People working on viewers: Don't ever let the HTML get to an HTML
control. Everything else will fall out correctly from that.
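
The escape-before-display approach described in the message above, as an added example that is not part of the original post. The feed is constructed sample data, the names `safe_href`, `render_item` and `render_feed` are hypothetical, and the link scheme check goes one step beyond what the post covers.

```python
import html
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample feed: the first item embeds an image tag and markup
# with an event handler; the second item carries a non-http link.
SAMPLE_RSS = """<?xml version="1.0"?>
<rss version="0.91"><channel><title>Example feed</title>
<item>
  <title>News &lt;b onmouseover="x()"&gt;flash&lt;/b&gt;</title>
  <link>http://example.com/story?id=1&amp;ref=rss</link>
  <description><![CDATA[Story text <img src="http://ads.example.net/banner.gif">]]></description>
</item>
<item>
  <title>Second item</title>
  <link>javascript:void(0)</link>
  <description>Plain text only</description>
</item>
</channel></rss>"""


def safe_href(url):
    """Return the URL only if it is plain http(s); otherwise None."""
    url = (url or "").strip()
    try:
        scheme = urlsplit(url).scheme.lower()
    except ValueError:  # malformed URL, treat as unusable
        return None
    return url if scheme in ("http", "https") else None


def render_item(item):
    """Build one list entry; every feed-supplied string is escaped first."""
    title = html.escape(item.findtext("title", default=""), quote=True)
    desc = html.escape(item.findtext("description", default=""), quote=True)
    href = safe_href(item.findtext("link"))
    if href:  # the only markup in the output is markup the viewer wrote
        title = '<a href="%s">%s</a>' % (html.escape(href, quote=True), title)
    return "<li>%s<br>%s</li>" % (title, desc)


def render_feed(rss_text):
    """Return the HTML fragment that is safe to hand to an HTML control."""
    root = ET.fromstring(rss_text)
    return "<ul>\n%s\n</ul>" % "\n".join(render_item(i) for i in root.iter("item"))


if __name__ == "__main__":
    print(render_feed(SAMPLE_RSS))
```
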