Wednesday, April 6, 2011

Code in a RSS feed

I am using a feed creator (specifically, Kohana's feed::create()), except some of my text might be like this in the description element

See code below

<?php echo 'example'; ?>

The feed creator is using the SimpleXML Library. Whenever the data is returned (using $xml->asXml()) the html angle brackets inside the description element are converted to HTML entities.

This makes the tags be parsed correctly, useful for p tags and the like. However, in this case - the PHP code won't show up (being surrounded by angle brackets).

My question is - how can I show stuff like this in a RSS feed? How can I display &gt; when it itself is parsed back as <? Does that make sense?

Here is an example of what is being outputted:

<description>&lt;p&gt;some content&lt;/p&gt;&#13;

&lt;p&gt;WITH some code&lt;/p&gt;&lt;p&gt;&lt;?php&#13;
    //test me out!&#13;
?&gt;&lt;/p&gt;&#13;
</description>

(note that is not an error above - the entities are all converted)

What I'd like it to display (in a RSS reader) is

some content

WITH some code

<?php
     //test me out! ?>
From stackoverflow
  • Haven't you try with CDATA tags?

    alex : I tried doing that .... but when I called asXml() the CDATA tags themselves were encoded.
  • All RSS tags contain strings so can't you just do your PHP manipulation prior to setting the tag?

    So instead of saying:

    $xml->description = 'Description <?php echo $var; ?>';
    

    you should be doing:

    $xml->description = 'Description ' . $var;
    

    What is the reason that you want to pass PHP code into your RSS feed? I'm guessing that a lot of feed readers would not execute it anyways.

    alex : I want to **show** it... as in ... **look** at the following code sample. I don't want the code being parsed. I'm guessing ALL feed readers would not execute PHP code... it would be quite a security problem if they did execute it on an online reader or on your local machine.
  • You want the code to actually display in the feed as code, not execute, right? If so, you need to escape it the same way you would if you wanted it to display in HTML, i.e.:

    htmlspecialchars( "<?php echo 'example'; ?>" )
    

    That will result in your feed looking even more garbled than it already does, because the PHP will be double-encoded, once for the RSS XML and again for the HTML contained in the RSS XML.

    alex : I tried that - but I couldn't get it to work. Let me try it again. Thanks for your answer.
    alex : I had to use it twice - I leveraged Kohana's html::specialchars(). It ugly as hell but it works - the line looks like this `$markup = '
    ' . html::specialchars(html::specialchars($code)) . '
    ';`

0 comments:

Post a Comment