tags:

views:

85

answers:

5
Q: 

What are the valid HTML tags in RSS Feeds?

I've looked around, and it doesn't seem like there's any standard of what HTML tags are 'allowed' in RSS - you could put anything in. But the readers I tested only allow certain things.

In my initial testing, it seems like simple styling tags like <b> are fine. So is inline styles like <span style="color:red"> <img>'s seems to work. But <iframe>'s are ignored, as are <script> blocks. Onclick attributes don't work. <style> blocks work in some readers but not others

Is there a general consensus, standard, or compatability site listing what is and isn't supported in what readers? I want to know what the subset of HTMl tags I can use in feeds is.

A: 

RSS 2.0 Specification

Jonathan Sampson  2009-07-16 20:35:37
Those are the XML attributes of an RSS feed. I want to know the displayable HTML tags in the <description> section.
Tom Ritter  2009-07-16 20:40:30
+1  A: 

I don't think there's a standard here - it's all about what the RSS reader itself is willing to implement. So my guess would be that, for example, Google Reader would wash out tags and the like and dangerous HTML and CSS attributes, and then allow whatever other sort of non-blacklisted tag you would dare to include.

So, yeah. There's no specification, and therefore likely no standard - just the same general XSS prevention techniques we see across the whole interwebs. Your only option is to try out various tags that you think may be contentious (though really I'd expect almost anything but CSS styling would be permitted) in different RSS readers to see what happens, or simply to have your content ready to fall back to a more basic format if the desired HTML/CSS is not permitted.

What in particular are you trying to do? You may be able to get better answers if you can specify - or is this just a question of curiosity?

Matchu  2009-07-16 21:13:10
Mostly curiosity. I'd love to let users do things like vote up and down articles using javascript and ajax from within a RSS Reader, but I guess the best I'll be able to do is external links with unique tokens.
Tom Ritter  2009-07-16 21:31:34
Mhm. If my RSS Reader allowed Javascript, well, I'd just be mad. It's tough being both a developer and a user xD
Matchu  2009-07-16 21:43:16
A: 

I don't think there's any "official" answer. It might depend on what level of compatibility you're aiming for.

I'd keep it to the basic text formatting tags (STRONG, EM, etc) and IMG and A and that's about it.

Eli  2009-07-16 21:15:20
A: 

I think the 'right' thing to do is either include an xhtml namespace (xmlns:html="http://www.w3.org/1999/xhtml") or put the HTML data in a CDATA section.

Stijn Sanders  2009-07-16 21:22:41
+1  A: 

There is no standard here, but perhaps this will help: http://nick.typepad.com/blog/2006/08/feed_security_a.html

Nick Bradbury  2009-07-17 00:48:12

related questions

Add RSS to any website?
What is the best .Net library to handle feeds (Atom+RSS)
Using Yahoo! Pipes
PHP - RSS builder
Whats the best windows tool for merging RSS Feeds?
How do you customize the RSS feeds in SharePoint
What are your favourite programming-related RSS feeds?
Which library should I use to generate RSS in Common Lisp?
How can I import a raw RSS feed in C#?
What Feed Reader libraries for Java are best?
How To Discover RSS Feeds for a given URL
How to build large/busy RSS feed
ASP.Net RSS feed
Recommended Python RSS/Atom feed generator?
Rss feed for game programmer?
Programatically determine how many Comments a blog post has
merge rss feeds
RSS Feed Library for (Unmanaged) C++
SelectNodes not working on stackoverflow feed
Best Practices for AS3 XML Parsing
RSS/Atom for professional use
SSRS - RSS Feeds
Why Are People Still Creating RSS Feeds?
RSS Feeds in ASP.NET MVC
Monitor a specific RSS