Open kirrg001 opened 7 years ago
@kirrg001 I'm the maintainer here ;)
I think the best approach for a non-breaking change would be to add a flag that is disabled by default, but when enabled auto-removes iframes? Possibly the same for #49, and then we can turn those features on by default for a 2.0.0 release?! 🤔
yeah great idea 👍
Hi,
That would be great. Discovered today that my automatic blog post distribution using Feedburner did not fire due to an invalid RSS feed. I ran into both issue #49 and this one. I'm using Ghost as my blogging platform (came from their issue #8442 here).
The iframe is related to the YouTube card, and the script element is based on the Twitter card in Ghost's editor.
I'm going to apply @ErisDS's ensureValid method from your branch to check whether invalid characters are going to be resolved.
Cheers, JoKi
Hey! 👋
In my opinion node-rss should remove all script (e.g. iframe) tags from a generated feed, because some RSS validators show the following warnings/recommendations:
content:encoded should not contain iframe tag
description should not contain iframe tag
These warnings occur if you add custom_elements like
Refs https://validator.w3.org/feed/docs/warning/SecurityRisk.html
As this is a rule, it might be helpful for everybody. Let me know if you think that the caller should remove script tags by himself.
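An added example, not code from this thread or from node-rss: one way a caller could strip the two flagged tags from an item's description and content:encoded before handing it to the feed, behind an opt-in flag as proposed in the comments. The names `stripTags`, `cleanItem` and `removeUnsafeTags` are hypothetical, and the `{ 'content:encoded': { _cdata: ... } }` shape of `custom_elements` is an assumption about how the caller builds items. It is a regex pre-filter aimed at the validator warnings, not a general HTML sanitizer.

```javascript
// Added example: hypothetical helper, not part of node-rss.
const FLAGGED_TAGS = ['iframe', 'script']; // the two tags named in this thread

// Remove whole <tag>...</tag> elements, then any unpaired opening or closing tag.
// Loops until stable so a fragment like "<scr<script></script>ipt>" cannot re-form a tag.
function stripTags(html, tags = FLAGGED_TAGS) {
  const names = tags.join('|');
  const paired = new RegExp(`<(${names})\\b[^>]*>[\\s\\S]*?<\\/\\1\\s*>`, 'gi');
  const stray = new RegExp(`<\\/?(?:${names})\\b[^>]*>`, 'gi');
  let out = String(html);
  let prev;
  do {
    prev = out;
    out = out.replace(paired, '').replace(stray, '');
  } while (out !== prev);
  return out;
}

// Clean one item options object before it is handed to feed.item().
// Opt-in (default off), mirroring the non-breaking flag proposed above.
function cleanItem(item, { removeUnsafeTags = false } = {}) {
  if (!removeUnsafeTags) return item;
  const cleaned = { ...item };
  if (typeof item.description === 'string') {
    cleaned.description = stripTags(item.description);
  }
  if (Array.isArray(item.custom_elements)) {
    cleaned.custom_elements = item.custom_elements.map((el) => {
      const v = el && el['content:encoded'];
      if (typeof v === 'string') return { ...el, 'content:encoded': stripTags(v) };
      if (v && typeof v._cdata === 'string') {
        return { ...el, 'content:encoded': { ...v, _cdata: stripTags(v._cdata) } };
      }
      return el; // other custom elements pass through untouched
    });
  }
  return cleaned;
}

// Constructed sample item (example.com URLs are placeholders).
const sampleItem = {
  title: 'Post with embeds',
  description: '<p>Intro</p><iframe src="https://example.com/embed/1"></iframe>',
  custom_elements: [
    { 'content:encoded': { _cdata: '<p>Body</p><SCRIPT async src="https://example.com/w.js"></SCRIPT><p>End</p>' } },
    { 'dc:creator': 'constructed author' },
  ],
};
```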