OPDS1: html text constructs must be unescaped

Question

OPDS1: html text constructs must be unescaped

llemeurfr opened this issue 4 years ago · 0 comments

The Columbia feed, for instance, contains html summaries in OPDS entries. These are formatted like:

<summary type="html">&lt;p&gt;Benchmark for Faithful Digital Reproductions of Monographs and Serials. Version 1. .... Columbia University Catalog: go to CLIO&lt;/p&gt;
      &lt;p&gt;
   &lt;a href="https://clio.columbia.edu/catalog/14642100"&gt;Go to catalog record in CLIO.&lt;/a&gt;
      &lt;/p&gt;</summary>

Because an OPDS 1 feed is an extension of an Atom feed, rules of Atom feeds apply -> https://tools.ietf.org/html/rfc4287#section-3.1.1.2 in particular.

If the value of "type" is "html", the content of the Text construct MUST NOT contain child elements and SHOULD be suitable for handling as HTML [HTML]. Any markup within MUST be escaped; for example, "
" as "<br>". HTML markup within SHOULD be such that it could validly appear directly within an HTML
element, after unescaping. Atom Processors that display such content MAY use that markup to aid in its display.

Such content (of type html) must therefore be unescaped before being injected inside the webview, after some security cleaning.