RSS Issue in BlogCFC

Pete Freitag pointed out an old RSS bug in BlogCFC. If HTML is contained in the entry, it is correctly escaped, but the short version of the RSS feed will truncate the HTML mid-tag (or MAY truncate it). I’m in Boston so I don’t have access to my source, but it is an incredibly easy fix.

In BlogCFC, line 502, change:

(FYI, I added line breaks to make it a bit more readable.)

<description>
<cfif arguments.mode is "short"
and len(body) gte arguments.excerpt>#xmlFormat(left(body,arguments.excerpt))#...
<cfelse>#xmlFormat(body)#</cfif>
<cfif len(morebody)> [More]</cfif></description>

to

<description><cfif arguments.mode is "short"
and len(REReplaceNoCase(body,"<[^>]*>","","ALL")) gte arguments.excerpt>
#xmlFormat(left(REReplaceNoCase(body,"<[^>]*>","","ALL"),
arguments.excerpt))#...
<cfelse>#xmlFormat(body)#</cfif><cfif len(morebody)> [More]</cfif></description>

All I did was replace ‘body’ with a regex from cflib. Note that a better solution would be to store the result of the regex on the first call so we don’t have to run it again, but for only 2 uses, I don’t feel too bad about it.

Also note that this won’t stop escaped HTML. So, as you can see in the sentence before this one, I have real HTML - the italics. Above that is escaped HTML in code. This won’t stop escaped HTML being truncated, but will stop real HTML. If that makes sense.
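An added example, not BlogCFC's code or the author's: a hypothetical helper, `rssExcerpt`, that runs the tag-stripping regex once and reuses the result, and that also drops a trailing fragment when the cut lands inside an escaped entity such as `&lt;`. The function name and the entity back-off are assumptions, and `excerpt` is assumed to be a positive number.

```cfml
<!--- Added example: rssExcerpt is a hypothetical helper, not BlogCFC code. --->
<cffunction name="rssExcerpt" access="public" returntype="string" output="false">
    <cfargument name="body" type="string" required="true">
    <cfargument name="excerpt" type="numeric" required="true">

    <!--- Run the tag-stripping regex once and reuse the result.
          It only tidies the excerpt; it is not an HTML sanitizer. --->
    <cfset var plain = REReplaceNoCase(arguments.body, "<[^>]*>", "", "ALL")>
    <cfset var cut = "">

    <!--- Short enough: same as the cfelse branch, the full body escaped. --->
    <cfif len(plain) lt arguments.excerpt>
        <cfreturn xmlFormat(arguments.body)>
    </cfif>

    <cfset cut = left(plain, arguments.excerpt)>

    <!--- If the cut landed inside an escaped entity (for example "&lt" or
          "&am"), drop the fragment. A complete entity ends in ";" and is
          left alone. Trade-off: a literal "&" run at the very end of the
          excerpt, as in "AT&T", is trimmed as well. --->
    <cfset cut = REReplace(cut, "&[##A-Za-z0-9]*$", "")>

    <!--- Escape last, so whatever survives the cut is well-formed XML
          inside the description element. --->
    <cfreturn xmlFormat(cut) & "...">
</cffunction>
```

The caller would still check `arguments.mode is "short"` before using it, and append the `[More]` marker as the template does now.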

So - this will be pushed into source next week. I also detected a bug where an error in RSS generation will cause an infinite loop in rss.cfm. I’ll fix that as well.

About Raymond Camden

Raymond is a developer advocate for Extend by Auth0. He focuses on serverless and enterprise cat demos. If you like this article, please consider visiting my Amazon Wishlist or donating via PayPal to show your support.

Lafayette, LA https://www.raymondcamden.com