Comment 1Y5 Re: Borked RSS feed b/c of THIS article title!

Story

S & P sets Tesla's credit rating to B-

Preview

Borked RSS feed b/c of THIS article title! (Score: 0)

by Anonymous Coward on 2014-05-28 16:00 (#1Y4)

<title>S&P sets Tesla's credit rating to B-</title>
The ampersand wasn't escaped and apparently pipedot is just regurgitating text entered on a webform. And, if that is true, is vulnerable to XSS attacks from maliciously entered titles. :-[

And what about body text and comments?

At the very least my aggregator is erroring out and red flagging pipedot's RSS feed.

Re: Borked RSS feed b/c of THIS article title! (Score: 3, Informative)

by Anonymous Coward on 2014-05-28 16:02 (#1Y5)

BTW, the red flagging is b/c pipedot's RSS feed is NOT valid XML (the unescaped ampersand).

Moderation

Time Reason Points Voter
2014-05-28 16:02 Informative +1 iwanttokeepanon@pipedot.org
2014-05-29 11:30 Interesting +1 ncommander@pipedot.org
2014-06-02 08:16 Informative +1 ploling@pipedot.org

Junk Status

Marked as [Not Junk] by evilviper@pipedot.org on 2015-01-04 00:16