public-mirrors/NewsBlur
1
0
Fork 0
mirror of https://github.com/samuelclay/NewsBlur.git synced 2025-08-21 05:45:13 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
NewsBlur/vendor/feedvalidator/demo/docs/warning/SecurityRisk.html

88 lines
3.5 KiB
HTML
Executable file
Raw Blame History

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>foo should not contain script tag</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="icon" href="http://www.feedvalidator.org/favicon.ico" />
<link rel="shortcut icon" href="http://www.feedvalidator.org/favicon.ico" />
<style type="text/css" media="screen">@import "../../css/common.css";
@import "../../css/documentation.css";</style>
<script type="text/javascript"><!-- --></script>
<link rel="start" href="http://feedvalidator.org/docs/" title="Home" />
</head>
<body>
<div id="logo">
<h1><a href="../../"><span id="feed"><span id="f">F</span><span id="e1">E</span><span id="e2">E</span></span><span id="d">D</span> Validator</a></h1>
<p>Documentation</p>
<a class="skip" href="#startnavigation">Jump to navigation</a>
</div> <!--logo-->
<div id="main">
<h2>Message</h2>
<div class="docbody">
<p><code>foo</code> should not contain <code>script</code> tag</p>
</div>
<h2>Explanation</h2>
<div class="docbody">
<p>Some feed elements are allowed to contain HTML. However, some HTML tags, like <code>script</code>, are potentially dangerous and could cause unwanted side effects in browser-based news aggregators. In a perfect world, these dangerous tags would be stripped out on the client side, but it's not a perfect world, so you should make sure to strip them out yourself.</p>
<p>The validator will flag any element that contains any of these HTML tags:</p>
<ul>
<li><code>comment</code></li>
<li><code>embed</code></li>
<li><code>link</code></li>
<li><code>listing</code></li>
<li><code>meta</code></li>
<li><code>noscript</code></li>
<li><code>object</code></li>
<li><code>plaintext</code></li>
<li><code>script</code></li>
<li><code>xmp</code></li>
</ul>
</div>
<h2>Solution</h2>
<div class="docbody">
<p>Remove the offending HTML tags.
At a minimum, ensure that your content will still display as intended
if this element is stripped by
<a href="http://diveintomark.org/archives/2003/06/12/how_to_consume_rss_safely">security conscious clients</a>.</p>
</div>
<h2>Not clear? Disagree?</h2>
<div class="docbody">
<p>Let us know on the <a href="http://lists.sourceforge.net/lists/listinfo/feedvalidator-users">feedvalidator-users</a> discussion list!</p>
</div>
</div><!--main-->
<div class="centered">
<a name="startnavigation" id="startnavigation"></a>
<div class="navbarWrapper">
<div class="navbarContent">
<img class="borderTL" src="../../images/borderTL.gif" alt="" width="14" height="14" />
<img class="borderTR" src="../../images/borderTR.gif" alt="" width="14" height="14" />
<p>
<a href="../../">Home</a> &middot;
<a href="../../about.html">About</a> &middot;
<a href="../../news/">News</a> &middot;
<a href="../../docs/">Docs</a> &middot;
<a href="../../terms.html">Terms</a>
</p>
<div class="roundedCornerSpacer">&nbsp;</div>
</div><!-- .content -->
<div class="bottomCorners">
<img class="borderBL" src="../../images/borderBL.gif" alt="" width="14" height="14" />
<img class="borderBR" src="../../images/borderBR.gif" alt="" width="14" height="14" />
</div><!-- .bottomCorners -->
</div><!-- .contentWrapper -->
</div><!-- .centered -->
<div class="centered">
<address>Copyright &copy; 2002-4 <a href="http://diveintomark.org/">Mark Pilgrim</a> and <a href="http://www.intertwingly.net/blog/">Sam Ruby</a></address>
</div>
</body>
</html>
Reference in a new issue View git blame Copy permalink