New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clean HTML in feeds of "dangerous" tags (#645) #648
Conversation
Just ran it against my code. The output looks fine. 👍 That being said, YouTube videos, on account of them using iframes, are stripped out. I understand there are security concerns for having embeds and iframes in the feed, but is there any way to have it fall back to using some placeholder text so readers know there is something there? I'm using the ReStructured Text directive. |
@arusahni that makes sense. I am moving this into the v6.1 so we can think it further. |
What is the status of this? |
Well. I am not sure it's a good idea to do it or not. |
IMO it is, provided that you do what @arusahni suggested: prepend a warning, and possibly even replace all the dangerous things with another warning. |
Is this still needed with the new RSS_PLAIN option? |
I'd say yes, this would allow a HTML feed, with formatting, but without the "forbidden" elements. |
This is clearly not happening. |
No description provided.