It's even worse than it appears..
Sunday September 11, 2022; 10:55 AM EDT
  • In the new feed management system, instead of stripping all HTML from the descriptions of feed items, we're now allowing <p>s to get through. I want to have full text in my rivers, with a MORE icon that lets you see all the text. So the flow isn't dominated by long posts, but the text is there if you want to read it.#
  • But I don't want all the quasi-malware that comes with feeds these days. My plan was to strip all the markup, but it really wasn't workable without the <p> elements. #
  • I put out my braintrust query yesterday and got two good answers. Use regex or the the sanitize-html Node package. I went with the Node package. It builds on a full HTML parser, so it's legit technology, not a hack (though I was happy to use a hack, have been for years). #
  • Here's the before and after in screen shots. #
  • It was a good call. I thought about enabling other HTML elements, but decided to stop here for now. #
  • PS: Recall we already have support for Markdown in the feed system. So there's an even better way for friendly feed writers to do this, rather than trying to gum things up so badly that all we can do is nuke all most of the markup. 💥#

Last update: Sunday September 11, 2022; 11:37 AM EDT.

You know those obnoxious sites that pop up dialogs when they think you're about to leave, asking you to subscribe to their email newsletter? Well that won't do for Scripting News readers who are a discerning lot, very loyal, but that wouldn't last long if I did rude stuff like that. So here I am at the bottom of the page quietly encouraging you to sign up for the nightly email. It's got everything from the previous day on Scripting, plus the contents of the linkblog and who knows what else we'll get in there. People really love it. I wish I had done it sooner. And every email has an unsub link so if you want to get out, you can, easily -- no questions asked, and no follow-ups. Go ahead and do it, you won't be sorry! :-)