New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JSON feed content is not sanitized #227

Open

lemon24 opened this issue Mar 20, 2021 · 0 comments

Labels

core feed parsing

Owner

lemon24 commented Mar 20, 2021 •

edited

Loading

JSON feed content is not sanitized, and it's not obvious from the documentation either, but has big security implications.

Perhaps it's a good idea to finally re-implement content sanitization outside of feedparser: #125 (comment).

2021-10 update: Relevant feedparser issue: kurtmckee/feedparser#257

The standard says links have to be absolute, but we might implement relative link resolution as well.

lemon24 changed the title ~~Relative link resolution does not work for JSON feeds~~ JSON feed content is not sanitized

lemon24 mentioned this issue

Make default_parser() part of the public API #235

Closed

lemon24 mentioned this issue

Consider supporting alternative feed parsers #264

Closed

lemon24 added core feed parsing labels

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment