RSS Issue in BlogCFC

This post is more than 2 years old.

Pete Freitag pointed out an old RSS bug in BlogCFC. If HTML is contained in the entity, it is correctly escaped, but the Short version of the RSS feed will truncate the HTML midtag (or MAY truncate it). I'm in Boston so I don't access to my source, but it is an incredibly easy fix.

In BlogCFC, line 502, change:

(FYI, I added line breaks to make it a bit more readable.)

<description>
<cfif arguments.mode is"short"
and len(body) gte arguments.excerpt>
#xmlFormat(left(body,arguments.excerpt))#...
<cfelse>#xmlFormat(body)#</cfif>
<cfif len(morebody)> [More]</cfif></description>

to

<description><cfif arguments.mode is"short"
and len(REReplaceNoCase(body,"<[^>]*>"
,"","ALL")) gte arguments.excerpt>
#xmlFormat(left(REReplaceNoCase(body,"<[^>]*>","","ALL"),
arguments.excerpt))#...
<cfelse>#xmlFormat(body)#</cfif><cfif len(morebody)> [More]</cfif></description>

All I did was replace 'body' with a regex from cflib. Note that a better solution would be to store the result of the regex on the first call so we don't have to run it again, but for only 2 uses, I don't feel too bad about it.

Also note that this won't stop escaped html. So, as you can see the sentence before this one, I have real HTML - the italics. Above that is escaped HTML in code. This won't stop escaped HTML being truncated, but will stop real HTML. If that makes sense.

So - this will be pushed into source next week. I also detected a bug where an error in RSS generation will cause an infinite loop in rss.cfm. I'll fix that as well.

Raymond Camden's Picture

About Raymond Camden

Raymond is a senior developer evangelist for Adobe. He focuses on document services, JavaScript, and enterprise cat demos. If you like this article, please consider visiting my Amazon Wishlist or donating via PayPal to show your support. You can even buy me a coffee!

Lafayette, LA https://www.raymondcamden.com

Archived Comments

Comment 1 by Christian Cantrell posted on 6/2/2005 at 7:40 PM

Thanks for fixing this, Ray. I've seen this issue several times in MXNA.

Comment 2 by Steven Ross posted on 6/6/2005 at 6:29 PM

the line number in the file I downloaded (I got it from this site) was 504...

is that right or do I have the wrong version?

Comment 3 by Raymond Camden posted on 6/6/2005 at 6:38 PM

Nope - I just noticed that myself. I was working from the blog.cfc on my blog, NOT from source. Now that I'm back home, I also noticed it was 504.

Comment 4 by Steven Ross posted on 6/6/2005 at 6:46 PM

I am getting an error when i try to do anything like this in my implementation (I'm testing using Access locally).

my blog entry:

test
<code>
<cfform format="flash">

<cfinput type="checkbox" name="agree" label="I Agree" required="true" value="1">
<cfinput type="submit" name="submit" value="Push the button">

</cfform>
</code>

it appears to break when i try to do anything with cfform

Comment 5 by Raymond Camden posted on 6/6/2005 at 6:52 PM

Steven - everything inside code should be escaped. What error do you get exactly? (I can't test this second.) Does it go away if you change cfform to form?

Comment 6 by Steven Ross posted on 6/6/2005 at 7:05 PM

no that doesnt

it even errors if i do this:

<code>
<wrapcode>
<cfinput type="checkbox" name="agree" label="I Agree" required="true" value="1">
<cfinput type="submit" name="submit" value="Push the button">
</wrapcode>
</code>

the error:

ScriptName: /zerium/client/editor.cfm?id=51E03BEC-E929-B9BB-89D65E5FE6ACE1D5
Browser: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Referer: http://localhost/zerium/client/editor.cfm?id=51E03BEC-E929-B9BB-89D65E5FE6ACE1D5
Message: Error Executing Database Query.
Type: coldfusion.runtime.CfErrorWrapper

and there is the struct that is dumped...