Minor XSS issue

[mclare]

The test for malicious use of script tags, feed2js.php lines 50 to 54 are insufficient.

Happy to share proof of concept as DM.

Can be mitigated at the server level. Can also be mitigated at the script level with new code from PHP7+ and/or a larger XSS library.

A PHP-level mitigation might impact project requirements and dependencies, so I wanted to file the issue before offering a PR.

[cogdog]

Thanks Matt. Those lines were written in a pretty naive period of time ;-)

Happy to take a PR. I do have a challenge in no longer having access to the server it is hosted on, and will try to reach out to the admin again (I was only able to find him on LinkedIn where I am NotIn)

Hi, nice to hear from ya...

[mclare]

Ok give me a bit to come up with a mitigation that'll pass scrutiny.

Pleasure to have a reason to reach out.

DM me on Twitter if you want the prof of concept link.

[mclare]

PR #31 created.