mirror of
https://github.com/samuelclay/NewsBlur.git
synced 2025-08-21 05:45:13 +00:00
31 lines
1.2 KiB
XML
31 lines
1.2 KiB
XML
<fvdoc>
|
|
<div xmlns='http://www.w3.org/1999/xhtml'>
|
|
<div id='message'>
|
|
<p><code>foo</code> should not contain <code>script</code> tag</p>
|
|
</div>
|
|
<div id='explanation'>
|
|
<p>Some feed elements are allowed to contain HTML. However, some HTML tags, like <code>script</code>, are potentially dangerous and could cause unwanted side effects in browser-based news aggregators. In a perfect world, these dangerous tags would be stripped out on the client side, but it's not a perfect world, so you should make sure to strip them out yourself.</p>
|
|
|
|
<p>The validator will flag any element that contains any of these HTML tags:</p>
|
|
|
|
<ul>
|
|
<li><code>comment</code></li>
|
|
<li><code>embed</code></li>
|
|
<li><code>link</code></li>
|
|
<li><code>listing</code></li>
|
|
<li><code>meta</code></li>
|
|
<li><code>noscript</code></li>
|
|
<li><code>object</code></li>
|
|
<li><code>plaintext</code></li>
|
|
<li><code>script</code></li>
|
|
<li><code>xmp</code></li>
|
|
</ul>
|
|
</div>
|
|
<div id='solution'>
|
|
<p>Remove the offending HTML tags.
|
|
At a minimum, ensure that your content will still display as intended
|
|
if this element is stripped by
|
|
<a href="http://diveintomark.org/archives/2003/06/12/how_to_consume_rss_safely">security conscious clients</a>.</p>
|
|
</div>
|
|
</div>
|
|
</fvdoc>
|