Validate your RSS feed(s)
“Validate your RSS feed,” suggests Mark Pilgrim. “Please.”
My RSS 1.0 feed validated but my RSS 0.91 feed didn’t. The helpful instructions provided for Movable Type users enabled me to update my RSS templates in a few minutes.
Now both my RSS feeds validate: RSS 1.0 and RSS 2.0.
However, I was disconcerted that the potential security issue Phil Ringnalda mentioned a month ago in reference to the Movable Type RSS 1.0 template still hasn’t been addressed. I’ll quote Phil’s post in full since it remains topical:
If you are just merrily producing RSS 1.0 with the default MovableType template without ever having given it a close look, you might want to look now. Down amongst the
<item>tags you’ll find<dc:creator><$MTEntryAuthor encode_xml="1"$></dc:creator>. If you are the cautious sort who uses a secret login name for MT, so that people would have to guess both the name and the password to get in, you might want to change that to either<$MTEntryAuthorNickname encode_xml="1"$>(and set a nickname in your author profile), or just put your actual name in in place of the tag. After all, I’m already building a stalker’s dream come true; I’d rather not have"SELECT ?x, ?y FROM * WHERE (?x, <dc:creator>, ?y) USING dc for <http://purl.org/dc/elements/1.1/creator>"be a cracker’s dream come true as well.
Or, as Phil put it in his email to me at that time:
In your RSS 1.0 Index template, there’s a line that reads:
<dc:creator><$MTEntryAuthor encode_xml="1"$></dc:creator>and I’m guessing that you really don’t want to be advertising to the world that you log into MT as yourLoginName. If in fact you don’t, it would be a good idea to change that line to:
<dc:creator>Jonathon Delacour</dc:creator>
In the updated RSS 1.0 template (in the code block beginning <channel rdf:about="<$MTBlogURL$>">), I also had to change the line:
<dc:creator><MTEntries lastn="1"><$MTEntryAuthor encode_xml="1"$></MTEntries></dc:creator>
to:
<dc:creator>Jonathon Delacour</dc:creator>
So, if you’re the cautious sort, you might want to make similar changes to your RSS 1.0 template too.
Ulp. I'd forgotten all about that, and if I wasn't too stubborn to just copy a template instead of fixing mine I would have gone back to advertising my login.
In your fix, you don't need the MTEntries lastn="1" at all: that was just there to get into entry context so that MT would be able to return the MTAuthor.
Posted by: Phil Ringnalda on 23 October 2002 at 01:22 AM