RSS Best Practices
Brent,
Phil,
and Ben
are discussing whether RSS feeds should have relative or absolute
URLs in encoded HTML. This has bothered me in the past,
particularly when viewing Joel On Software's RSS feed through
the lens of the Radio Aggregator. His feed has a number of
instances of <a href="news/...> and
<IMG src="pictures/...">. Is it
valid RSS?
Absolutely! Does it provide the greatest value to the
widest possible audience? Well, perhaps it could be improved
a little. And perhaps the aggregators can do better too.
There probably are a number of things which are quite legal RSS,
but are less than neighborly. For example, a
<script> tag. Or a
<meta> tag. Or
an <embed> tag. Or an
<object> tag. You get the picture.
What I would like to do is to have the greater community
discuss this for a few days, and then Mark and I will implement
it in the RSS
validator. As always, validation and compliance will be
completely voluntary. We will clearly separate errors from
warnings. In fact, we will provide an option to not see the
warnings at all, if that is your preference.
Now that's ironic
A perfectly valid RSS item about RSS best practices takes three aggregators and two browsers to read.... [more]Trackback from phil ringnalda dot com at
The Next Logical Step for RSS.
It no secret that RSS 2.0 format contains many questionable design decisions that where developed with an even more questionable approach. Sam Ruby points out that "a number of things which are quite legal RSS, but are less than neighborly." He is calling for the community to discuss best practices that he and Mark Pilgrim will then implement as warnings in their RSS Validator service. I completely agree and resubmit my XSS profile and offer some additional tips. ... [more]Trackback from tima thinking outloud. at
creativeCommons RSS validation
I just committed code which validates the new creativeCommons rss module. What this entails is the following: Ensuring that the value of the license element is a fully qualified (i.e., non-relative) rfc2396 URI. Warning if the creativeCommons ... [more]Trackback from Sam Ruby at
Reading, Random RSS links
I try catching up on reading of what’s happening in RSS World. Mark Pilgrim: How to consume RSS safely, Mark’s little prank showing RSS exploit and advice on 10 HTML tag stripping. Some background: RSS Validator ContainsScript, Minimize...Excerpt from yowkee essential at
Sooner or later, intentionally malformed RSS feeds will show up on the net.
An RSS Security Checker tool is now available at
RSS Reader Security Check
It currently checks and reports 10 commonly known exploits and is primarily intended to check vulnerabilities of RSS readers.
Posted by Ulrich Schwanitz atNow that's ironic
A perfectly valid RSS item about RSS best practices takes three aggregators and two browsers to read....Excerpt from phil ringnalda dot com: Now that's ironic: Comments at
Definitely a good direction for any good tool to evolve in: to reinforce the use of best practices! Consider defining and storing the criteria for the warnings outside of the code, i.e. in XML.
Posted by Dave Seidel at