Does anyone have an experience with using the shareToPublished API (as documented here: Tiny Tiny RSS – API Reference)?
I’m working on a custom integration and I’ve figured out that URL’s pushed to the published feed need to be unique.
I’m trying to work out when pushing content (as “content - Article content (string)”) - whether it’s possible to allow HTML to be inserted? At the moment, it seems like content is being stripped - I’ve tried the usual escaping/CDATA techniques and they don’t appear to allow for the HTML inserted to be rendered within the viewer.
Has anyone hit this before and is it possible within the bounds of the current API?
yes, currently shareToPublished content is stripped of all tags.
however, much like getHeadlines allows returning unsanitized raw HTML, a similar parameter could be added to shareToPublished to allow for inserting HTML.
technically this could be seen as a vulnerability vector, but
content will be sanitized anyway within tt-rss UI, much like any other feed data;
if you have API access you can subscribe the user to any number of potentially malicious feeds, exploiting any possible sanitizer holes anyway, and who knows what else;