 Saturday, June 14, 2003
Preventing RSS exploits with Radio. I'm working on a Radio script that addresses RSS exploits.

Mark Pilgrim's suggestion of weeding out the unsafe HTML seems futile. Instead, the script removes all HTML tags and attributes other than a small subset that can't be abused: P, B, I, BR, and BLOCKQUOTE (all without attributes), A (with HREF only), and IMG (with SRC, ALT, HEIGHT, and WIDTH only). I'm hoping the script also has the side benefit of making RSS entries easier to read.

The script works on the text of entries, but I can't find a way to make it work with the storyArrived callback. If anyone has tackled this problem before, I've begun a discussion on the radio-dev mailing list. [Workbench]
12:50:38 AM