Saturday, June 14, 2008

Intranet Feed Reader 0.2.0 - Support for Atom, and improved security

A new version of the Intranet Feed Reader add-on, 0.2.0, is available now. Source code is available here.
The add-on now has improved security: it executes JSONP in a sandbox instead of running it with chrome privileges. This improvement will stop malicious code served by the XML2JSON proxy. There is still a possibility that unsafe code might leave the sandbox, but the threat surface is much smaller now. A blog entry about that will follow, and I will continue to work on ways to improve security, so stay tuned.
The new version brings support for Atom feeds, so now you can use http://feeds.feedburner.com/blogspot/digitalmihailo as the XML Url :) I added some HTML cleansing code as well: in our intranet we are using Confluence, and some feeds feature unclosed img tags. The code uses a very simple (and un-optimized) algorithm to close unclosed tags and remove closing tags that have no opening tag. These improvements are implemented by the following functions in content/sidebar.js of the add-on source code:

desinfictHtml
runInSandbox
adaptData - for Atom to RSS (we are using RSS to render content)
So give it a look.
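
The tag-balancing approach described above, as an added example that is not the add-on's desinfictHtml code. The function name balanceTags, the list of void elements and the sample fragment in the comment are assumptions made for illustration.

```javascript
// Added example (hypothetical helper, not taken from content/sidebar.js).
// Closes unclosed tags and drops closing tags that have no opening tag.
// Assumption: void elements such as img are emitted in self-closed form.
const VOID_TAGS = new Set(["img", "br", "hr", "input", "meta", "link"]);
const TAG_RE = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;

function balanceTags(html) {
  const open = [];          // stack of element names that are still open
  let out = "";
  let last = 0;
  let m;
  TAG_RE.lastIndex = 0;
  while ((m = TAG_RE.exec(html)) !== null) {
    out += html.slice(last, m.index);            // copy text between tags
    last = TAG_RE.lastIndex;
    const closing = m[1] === "/";
    const name = m[2].toLowerCase();
    const selfClosed = /\/\s*$/.test(m[3]);      // trailing "/" before ">"
    const attrs = m[3].replace(/\s*\/\s*$/, "");
    if (closing) {
      if (open.includes(name)) {
        // Close any inner elements left open, then the element itself.
        let top;
        do {
          top = open.pop();
          out += "</" + top + ">";
        } while (top !== name);
      }
      // Otherwise: closing tag without an opening tag, so it is removed.
    } else if (VOID_TAGS.has(name) || selfClosed) {
      out += "<" + name + attrs + " />";         // e.g. unclosed <img ...>
    } else {
      open.push(name);
      out += "<" + name + attrs + ">";
    }
  }
  out += html.slice(last);
  while (open.length) out += "</" + open.pop() + ">";  // close leftovers
  return out;
}

// Constructed sample fragment with an unclosed img and b, and a stray </i>:
// balanceTags('<p>Build <b>failed<img src="status.png"></p></i> see log<div>details')
```

This only repairs well-formedness; it does not remove script elements or event-handler attributes, so it complements the sandbox rather than replacing it.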

Sandbox execution is inspired by the Greasemonkey implementation.
Converting Atom dates is inspired by the "Convert Atom documents to JSON" document by IBM.


Testing remarks

To set up a testing environment locally, one possible solution is to download the feed's XML and put it on your local web server, at a URL something like http://localhost/testfeed/somefeed.xml. Using the XML2JSON proxy is described in the first post on the Intranet Feed Reader add-on.
