Forum .LRN Q&A: Re: news-aggregator portlet error

Posted by Felipe Gelbcke Gubert on
Same with weblog... (if you post a link)



solves the problem

Posted by Jeff Davis on
You need to be careful making things like that noquote since if someone were to put something like the following:
<img src="">
in an aggregated feed you read on When you went to read it, it would get the url which would grant sitewide admin to their user_id on your site.

In general, anything that comes from the outside needs to be checked for XSS and allowed tags before it is displayed.
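
The check described in the post above, as an added example that is not part of the original thread or of the .LRN code: an allow-list filter applied to feed HTML before it is displayed unquoted. The tag list, function names and sample URLs are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hypothetical allow-list. <img> is deliberately absent: the browser fetches
# its src automatically with the reader's session, and a remote URL can redirect.
ALLOWED_TAGS = {"a", "b", "i", "em", "strong", "p", "br", "ul", "ol", "li", "blockquote"}
URL_ATTRS = {"a": "href"}  # the only attribute kept, and only on <a>


def safe_url(url):
    """Accept only absolute http(s) URLs; rejects javascript:, data:, relative paths."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and bool(parts.hostname)


class FeedSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # drop <img>, <script>, <iframe>, ... entirely
        kept = ""
        for name, value in attrs:
            # Event handlers, style and every other attribute are discarded.
            if name == URL_ATTRS.get(tag) and value and safe_url(value):
                kept = ' %s="%s"' % (name, escape(value, quote=True))
        self.out.append("<%s%s>" % (tag, kept))

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag != "br":
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        # Text (including the body of a dropped <script>) is re-escaped.
        self.out.append(escape(data, quote=False))


def sanitize_feed_html(fragment):
    """Return the fragment with only allow-listed tags and safe links left."""
    parser = FeedSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)
```
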