Unsafe HTML by Feed
-
I have a feed that contains html in a CDATA section containing images ( i.e. it contains img src tags). This feed is TRUSTED, and I want to import the html tags into posts. Some tags however, like images, are stripped away upon import.
I tried some actions from the docs ( like using ‘feedzy_modify_feed_config’ to set? ? $feed->strip_attributes(false); , or like overwriting ‘feedzy_summary_input’ to skip filtering for some feeds, but all this did not work. The filters/actions I tried were taken from the shortcode docs and probably are not exectuted when importing.The only thing that worked, was setting
define( ‘FEEDZY_ALLOW_UNSAFE_HTML’, true );
according to https://docs.themeisle.com/article/1154-how-to-use-feed-to-post-feature-in-feedzyThis does not feel good, since it allows HTML now in every feed. Is there any way to set this for specific feeds only, like in a filter that is executed when feed items are turned into posts?
Regards
Ulrich
The page I need help with: [log in to see the link]
-
@andreearadacina21 I disabled the FEEDZY_ALLOW_UNSAFE_HTML define and tried your code as suggested, with minor modifications. To identify the filter, I added “(unfiltered)” or “(filtered)” to the output:
function kdefd_summary_input( $description, $content, $feedURL ) { //If you want to use the item content as the description. If not, then remove this line //If feed don't have content meta, $content is already equal to $description $description = $content; if (strpos($feedURL, "my-trusted-feed-domain.de") !== false) { $description = $description . " (unfiltered)"; } else { //Remove the item HTML tags (as in the default hook) if not in the above list $description = trim( strip_tags( $description ) ) . " (filtered) "; } //Remove hellip (as in the default hook) //Keep in mind that it will be added later in the plugin render $description = trim( chop( $description, '[…]' ) ); return $description; }In the source feed, there is a CDATA description section containing some HTML tags:
<item> <guid>https://www.example.com/5540093</guid> <link>https://www.example.com/5540093</link> <pubDate>Wed, 21 Jun 2023 14:16:46 +0200</pubDate> <title><![CDATA[ My Title as CDATA ]]></title> <description><![CDATA[K?ln (ots) - SOME LONG TEXT .... <div class="pp-image" data-src="https://example.com/story_big/20bdf4d9-c4f2-4bf3-be90-3a766f048dd8/Foto1.jpg" data-caption="Foto 1"> <span class="pp-caption">Foto 1</span><br><img src="https://example.com/story_big/20bdf4d9-c4f2-4bf3-be90-3a766f048dd8/Foto1.jpg" alt="Foto 1"/></div> <div class="pp-image" data-src="https://example.com/story_big/f3e2b762-4387-4d87-877e-7ecb8246db2a/Foto2.jpg" data-caption="Foto 2"> <span class="pp-caption">Foto 2</span><br><img src="https://example.com/story_big/f3e2b762-4387-4d87-877e-7ecb8246db2a/Foto2.jpg" alt="Foto 2"/></div> <div class="pp-source">Quelle:<a >https://www.example.com/5540093</a></div> ]]></description></item>In the Map-Content section, I configured the [#item_description] placeholder for the import into posts.
The resulting post contains the “(unfiltered)” text, so the filter is indeed executed. However, the <img src… tags are missing, only the <a href…> tags are there. :Output in the Post: <div class="pp-image"><span class="pp-caption">Foto 1</span></div> <div class="pp-image"><span class="pp-caption">Foto 2</span></div> <div class="pp-source">Quelle:<a href="valid-URL" rel="noopener">....</a></div> (unfiltered)So far, the only way to keep the <img src seems to be the FEEDZY_ALLOW_UNSAFE_HTML define …
Regards
Ulrich@luciamarinescu I made a Demo feeed that is structurally identical to the original one and whose URL can be published. See here:
https://cdn01.koeln.de/uploads/files/demofeed.xml ( like the original feed, this feed validates when checked with the w3c online validator)
There is one item with img src in CDATA. With the code mentioned by @andreearadacina21 , the img src tags are wiped out, with FEEDZY_ALLOW_UNSAFE_HTML they are kept.
- The topic ‘Unsafe HTML by Feed’ is closed to new replies.
