It’s just data

Taking RSS security seriously

It is nice to see that Aggie RC5 proactively strips all script, object and meta tags from text before displaying it.

The RSS validator has always flagged script, meta, embed, and object tags. But the real fixes need to be in the aggregators. Kudos to Aggie.


My HTML-to-plaintext aggregator laughs in the face of your scripting exploits.

This HTML thing, it'll never catch on.

Posted by Mark at

RSS Security and Secure Syndication

Stories and articles about RSS and security.See AlsoPrivate RSS Feeds: Support for security in aggregators ...... way to produce secure RSS feeds, take a look at MySmartChannels (available as a free service at [link]). It...

Excerpt from [DecisionCast] RSS Radar at

Web 2.0 (Really Simple Syndication) RSS, Atom, and Feed Security and Hacking

Below is a collection of resources that I’ve gathered that I’ve decided to stick in one [...]...

Excerpt from 神刀网 at

Add your comment