I'm planning to use SimplePie in a public project (Feed sources are not trusted).

So I wonder how safe the library is. During parsing, does it skip XSS snippets, SQL injections, and other infection methods that may appear in a website's feed?

Is there any option/code I can change/add/remove for better security?

Thank You


Solution

I think this is probably not the right place to ask this kind of question. However, looking at the Parser.php file I don't see anything that explicitly tries to sanitize data although there is a file called Sanitize.php that appears to disallow some HTML tags among other things.

If you are really concerned about security, then you will probably have to really dig into the code and modify it to do what you want.
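As an added example that is not part of the question or the answer above, and not SimplePie's own documentation: the configuration calls SimplePie does expose for the sanitiser the answer mentions (`strip_htmltags()` and `strip_attributes()`), together with the two things the library leaves to the application, namely storing items with bound parameters and escaping plain-text fields at output time. The feed URL, the cache path, the extra tag and attribute names beyond SimplePie's defaults, and the `http(s)`-only link check are assumptions of this example, not something the page states.

```php
<?php
// Added example (not from the original question or answer). Assumes SimplePie is
// installed through Composer; the feed URL and cache directory are placeholders.
require __DIR__ . '/vendor/autoload.php';

$feed = new SimplePie();
$feed->set_feed_url('https://example.invalid/feed.xml');              // placeholder
$feed->set_cache_location(sys_get_temp_dir() . '/simplepie_cache');    // placeholder path
$feed->set_timeout(10);

// Tags to strip. This mirrors SimplePie's default deny list and adds a few
// (link, svg, math) that this example chooses to drop as well.
$feed->strip_htmltags([
    'base', 'blink', 'body', 'doctype', 'embed', 'font', 'form', 'frame',
    'frameset', 'html', 'iframe', 'input', 'marquee', 'meta', 'noscript',
    'object', 'param', 'script', 'style', 'link', 'svg', 'math',
]);

// Attributes to strip: SimplePie's default list plus extra event handlers and
// attributes (formaction, srcdoc) that can carry script or alternate markup.
$feed->strip_attributes([
    'bgsound', 'class', 'expr', 'id', 'style', 'onclick', 'onerror', 'onfinish',
    'onmouseover', 'onmouseout', 'onfocus', 'onblur', 'lowsrc', 'dynsrc',
    'onload', 'onmousedown', 'onkeypress', 'formaction', 'srcdoc',
]);

$feed->init();
$feed->handle_content_type();

// SimplePie does nothing about SQL injection; that is the application's job.
// Bound parameters keep item text inert to the SQL parser whatever it contains.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (link TEXT, title TEXT, content TEXT)');
$insert = $pdo->prepare(
    'INSERT INTO items (link, title, content) VALUES (:link, :title, :content)'
);

foreach ($feed->get_items(0, 20) as $item) {
    $link = $item->get_permalink();
    // Belt-and-braces: only keep http(s) links so that a javascript: or data:
    // URL from the feed never ends up inside an href attribute.
    if ($link !== null && !preg_match('#^https?://#i', $link)) {
        $link = null;
    }
    $insert->execute([
        ':link'    => $link,
        ':title'   => $item->get_title(),
        ':content' => $item->get_content(), // HTML already filtered by the lists above
    ]);
}

// Rendering: title and link are plain data, so they are escaped here. The
// content field is HTML that SimplePie has filtered and is the only raw echo.
foreach ($pdo->query('SELECT link, title, content FROM items') as $row) {
    $title = htmlspecialchars((string) $row['title'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    if ($row['link'] !== null) {
        $href = htmlspecialchars($row['link'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
        echo "<h2><a href=\"$href\" rel=\"noopener noreferrer\">$title</a></h2>\n";
    } else {
        echo "<h2>$title</h2>\n";
    }
    echo '<div>' . $row['content'] . "</div>\n";
}
```

The strip lists are deny lists: anything not named passes through, so on a public site it is worth running `get_content()` through an allow-list HTML sanitiser of your choice before storing it, and treating the SimplePie filtering as a first layer rather than the only one.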

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow