[development] stripping tags during aggregation?

Ashraf Amayreh mistknight at gmail.com
Tue Jun 26 08:23:37 UTC 2007


Hello all,

I've recently been going through the question of weather it's useful to
preserve the html tags that are part of aggregated content. So rather than
dive into this on my own I wanted to see the consensus on this issue from
others who probably have more experience in this than I do.

If the <content> or <summary> tags in an ATOM feed have an <img> tag I was
always pleased to find the image showing up inline in my aggregated content,
but what about formatting tags? Allowing arbitrary code could be a herald
for XSS attacks as was noted in the a previous thread.

Question: Should all tags in aggregated content be stripped? If not, then
what tags should be allowed? If I use filter_xss then what tags should I
allow? Is there some specification or article on what HTML tags should be
allowed to go through? How do aggregation module authors handle this or
advise that it be handled?

I really appreciate all feedback on this issue. Thanks :)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20070626/30acf05b/attachment.htm 


More information about the development mailing list