Uploaded image for project: 'CMS CONTENIDO'
  1. CMS CONTENIDO
  2. CON-2180

Module content_rss_creator may create invalid XML

    Details

      Description

      User input like ü in URL field is not escaped in RSS (XML), leading to potentially broken feeds. Using htmlspecialchars would not help because it does not remove chars that are not allowed in XML and it does not correctly escape ">" or "<" and it does not even check if its escapings are defined in the resulting XML.

      The suggested solution is to put conent into CDATA-block!

      Steps to reproduce:
      Install example client
      Go to Content -> Articles - System pages -> RSS creator
      Enter special chars into RSS description
      IE 8 will choke on wrong characters such as ü in output.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                thomas.stauer Thomas Stauer
                Reporter:
                thomas.stauer Thomas Stauer
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: