When the reader ingests the RSS feed, it attempts to parse the XML content. However the use of CDATA within the Link element can be used to perform HTML injection. A simple payload will look like this: <![CDATA[ https://google.com"> <img src="1"> ]]>.
Recommend to escape the characters before displaying to the user.
When the reader ingests the RSS feed, it attempts to parse the XML content. However the use of CDATA within the Link element can be used to perform HTML injection. A simple payload will look like this:
<![CDATA[ https://google.com"> <img src="1"> ]]>.Recommend to escape the characters before displaying to the user.