Closed kittel closed 9 months ago
Hello again,
as there is a documented CVE in feedgen version 0.8 [0] i wonder when there will be a reaction to this. Would it help to propose a fix and submit it as a merge request?
regards
You are absolutely right that this is not great. Unfortunately, that's a design decision from right at the beginning of the project which isn't easy to fix. The methods always return the internal storage structure. This may be a string (if only a string is being stored), but will often be a dictionary.
For example, this:
fe.summary('description')
fe.source('http://example.com', 'Example')
fe.content('Some text')
print("Summary: {}".format(feed.entry()[0].summary()))
print("Source: {}".format(feed.entry()[0].source()))
print("Content: {}".format(feed.entry()[0].content()))
will result in:
Summary: {'summary': 'description'}
Source: {'url': 'http://example.com', 'title': 'Example'}
Content: {'content': 'Some text'}
Summary allows you to store a type as well as the summary itself. Returning only the summary would mean that there is no way to see what type is stored for the summary, which then would be inconsistent with the other methods.
That being said, I'll try to add changes like these to release notes.
The latest published version (0.9) contains an unwanted? API change. The getter function summary() in FeedEntry is now returning a dict instead of a string.
https://github.com/lkiesow/python-feedgen/blob/ffe3e4d752ac76e23c879c35682c310c2b1ccb86/feedgen/entry.py#L462
See the following example reading the Summary of an entry:
Expected behavior: Return Summary as String
Actual behavior: Summary is returned as dict -> {'summary': "content"}
Steps to reproduce:
Create test.py in current folder:
Execute the following command
Receive the following output: