PerlMonks  

Re^3: XML::RSS::Parser::Lite Question

by BlenderHead (Novice)
on Nov 18, 2009 at 18:32 UTC


in reply to Re^2: XML::RSS::Parser::Lite Question
in thread XML::RSS::Parser::Lite Question

Thank you for these warnings!

I am not sure of all the implications of the security issues you mention, but since the above code contained links which would evoke HTTP_REFERER, I disabled the script.

The bulk of my actual intent was to use the RSS scripts under privatized servers, so only trusted content would be fed to the aggregator. But these issues with public content are good to know, as there's always the want for greater inclusion.

If anyone wishes to further comment, then please feel free to do so. I'm still not sure of how the HTTP_REFERER could be traced, but I am looking into it now. Anyway, the script link above will not work, though the question is still held open for comment.

Ty.

BH

Re^4: XML::RSS::Parser::Lite Question
by Utilitarian (Vicar) on Nov 18, 2009 at 23:47 UTC
    Hi BlenderHead,
    The implication of HTTP_REFERER is that where session info is present in the URL of the page, that info will be contained in the HTTP_REFERER header. This can be abused to extract info from poorly guarded sessions and capture the currently running session.

    The issue with your script's output is the HTML::Entity encoding of data within XML files, in this case the item.description. To resolve it, use HTML::Entity to decode the encoded chars; however, you should then use HTML::Scrubber on the resulting output if you do not trust the originating source.

    And Corion's advice about not displaying images from remote/untrusted sources is wise until you have developed a security policy for this scenario. Happy reading ;)
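The two pieces of advice in the reply above (decode the entity-encoded description, then whitelist the markup before displaying it, and do not render images from hosts the feed controls) fit together in one short Perl snippet. The example below is added here and is not BlenderHead's script or code from the thread; the sample description string is constructed for illustration, and the module is HTML::Entities (that is the CPAN name of what the reply calls HTML::Entity). The attribute rules passed to HTML::Scrubber are an assumption about a sensible policy, not something the thread specifies.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Entities ();
use HTML::Scrubber;

# Constructed sample: an RSS item.description as it comes out of the feed
# parser. The feed author entity-encoded the HTML inside the XML, which is
# why the raw value shows literal &lt;p&gt; on the page. The feed origin
# is NOT trusted, so it may carry a tracking image and script/javascript: links.
my $raw_description =
    '&lt;p&gt;Weekly roundup: &lt;a href=&quot;http://example.com/post&quot;&gt;read more&lt;/a&gt;&lt;/p&gt;'
  . '&lt;img src=&quot;http://tracker.example/pixel.gif&quot; width=&quot;1&quot;&gt;'
  . '&lt;a href=&quot;javascript:alert(1)&quot;&gt;click&lt;/a&gt;'
  . '&lt;script&gt;alert(document.cookie)&lt;/script&gt;';

# Step 1: decode the entities so the markup renders instead of being shown
# as text. decode_entities() returns the decoded copy in non-void context.
my $html = HTML::Entities::decode_entities($raw_description);

# Step 2: whitelist the markup we are willing to display. Any tag not in
# 'allow' is removed. <img> is deliberately absent: if the aggregator page
# carried a session id in its own URL, an <img> pointing at a feed-controlled
# host would make the browser fetch it and send that page URL as the Referer,
# handing the session id to whoever runs that host. Links are kept, but only
# with http(s) hrefs, so javascript: and data: URLs are dropped.
my $scrubber = HTML::Scrubber->new(
    allow => [qw(p br b i em strong ul ol li blockquote a)],
    rules => [
        a => {
            href  => qr{^https?://}i,   # only absolute http(s) targets survive
            title => 1,                 # harmless, keep it
            '*'   => 0,                 # every other attribute (onclick, style, ...) is removed
        },
    ],
    default => [ 0, { '*' => 0 } ],     # unknown tags removed, unknown attributes removed
    comment => 0,                       # drop HTML comments
    process => 0,                       # drop processing instructions
);

my $safe_html = $scrubber->scrub($html);

# Only now does the description go into the page the aggregator serves.
print $safe_html, "\n";
```

Run it and compare the printed result with the decoded input: the `<img>` and its tracker URL are gone, the `javascript:` anchor loses its `href`, and the `http://example.com/post` link survives. Whether the text inside a removed `<script>` element is also dropped depends on the HTML::Scrubber version installed, so check that line of the output rather than assuming. Independently of scrubbing, the cleanest cure for the Referer leak is not to put session identifiers in the URL at all (a cookie-based session does not appear in the Referer header); on current browsers a `Referrer-Policy: no-referrer` response header is a further backstop, but that header postdates this thread and is mentioned here as an added caveat.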
