Hello Stephen,

Hm, I am not too sure why do you need to palce the html_entity_decode because you are actually altering the "original state" of the contents. Contents should be stored as encoded html entities to avoid people messing with the DOM.

Hello,

We are yes because Easyblog stores it as raw html i.e. decoded in the database. Unless of course you add the decode to the output of blog posts but in my scenario this is much more work to override every easyblog view with a decode. I am only doing a single import to migrate blog posts from an existing url.

Many thanks

Hello Stephen,

That is actually not ideal because if your RSS picks up script tags, it could be exploit-able. This is why the contents are always decoded.

Hi Mark,

In which case Easyblog should be decoding HTML output if it is encoded. But it doesn't and thus you need to allow HTML to be inserted otherwise the RSS Feed import with any html is just plain useless as you don't strip it or run any HTML filters through it.

You should be able to import it as normal html running through the standard Joomla! Editor filter which thus makes it safe.

Hello Stephen,

It seems like feeds that contains CDATA may contain html codes (un-encoded) and feeds that doesn't contain CDATA are probably encoding the contents to html entities.

I guess we could try adding this in the next release and see how this goes.