[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#242020: www.debian.org: security/dsa-long.en.rdf has HTML markup in <description> tag

* Mario Lang <mlang@debian.org> [2004-04-04 16:07]:
> Gerfried Fuchs <alfie@ist.org> writes:
>> * Mario Lang <mlang@debian.org> [2004-04-04 13:19]:
>>> AIUI, the description tag is not supposed to contain ordinary HTML markup
>>> in RSS 1.0.
>>  Thats why they are escaped and put in there as entities.
> But then, you are simply hoping for something to interpret this mess.
> If an aggregator does not, the resulting description text does simply
> look ugly and is hard to read.

 Have you taken a link at *any* of the feeds that are used on
<http://planet.debian.net/>? They do *all* include escaped HTML tags in
them. And I think it is a good thing.

>>  No, please not. From what I understand it HTML is allowed in there if
>> it is encoded as entities.
> I continue quoting from the same page:
> "      If you need to include a a tag in the text of the feed (e.g.,
>        the title of an item is "Ode to <title>"), make sure you escape
>        ampersands and angle brackets (so that it would be "Ode to
>        &lt;title&gt;")."

 And this isn't done. Those tags _are_ escaped, thank you.

> However, this is not saying "Use ordinary html markup to identify links
> and paragraphs".

 And it doesn't say the contrary, like you insist.

> The problem is that some aggregators might be able to parse escaped HTML
> markup, but it is simply not specified in the RSS standard, and so, aggregators
> are not required too.

 Maybe another plaintext feed helps, then. But I am still not convinced
that this is something that rss wasn't meant to offer, sorry.

> Of course I do, because of above mentioned reasons.  It should continue
> to escape < and > and the-like, however, we should strip out anchor
> and paragraph start/end tags.

 I dislike this change, but I'm not the only one who must be convinced.
I guess you can still try to convince someone else -- but then again,
refrain from changing the current dsa-long but add a dsa-txt or similar
feed for your preference.

> I disagree.

 Fine, and I disagree with the helpfullness of your patch.
<thuglife> ok dont blame me i am a bitch :))
                                  -- #debian-devel

Attachment: signature.asc
Description: Digital signature

Reply to: