|
|
Posted by shimmyshack on 02/14/07 15:07
On Feb 14, 1:27 pm, "Dave Mennenoh" <d...@blurredistinction.com>
wrote:
> I have plain text stored in a mySQL table. Within the text there are
> standard HTML links:
> <a href="something.com">Click Here</a>
> I am pulling the text out and creating an RSS file with it. It is working
> ok, except that when looked at in an aggregator the links show as text and
> do not become clickable links. I am using PHP's htmlentities(theText) on the
> plain text before placing it into the xml. Any thoughts?
>
> --
> Dave -
> Head Developerwww.blurredistinction.com
> Adobe Community Experthttp://www.adobe.com/communities/experts/
simply put, stop using that function, it's converting all your
"plain text" from the database, (which is really text/html)
into
plain text, which is then showing as plain text in the rss feed.
;)
however to store and retrieve html from the database stright into the
rss feed is asking for big trouble - (It's one of the ways companies
leak info to other businesses - through insecure rss feeds) - so I can
understand where your desire to escape the html comes from.
You need to be certain that you are checking all html that comes from
the database, if you are storing it there at all, and cleaning it
before you insert it into the rss feed.
There are plenty of php rss feed burners and creators out there, some
better than others, zend framework etc.. perhaps take a look at how
they ensure security.
(IMHO stop storing html in the database, unless you use reg
expressions to parse the links from the html clean and reintegrate
them into the feed)
Navigation:
[Reply to this message]
|