The Windows Vista RSS Platform


There has been a great deal of talk and speculation about Really Simple Syndication (RSS) feeds, and real-world vulnerabilities (CVE-2006-4660 and CVE-2006-4712) have been attributed to them. At Microsoft we envisaged such an attack vector and have spent a great deal of time adding defenses to the RSS platform in the operating system. If you want to build an application that uses RSS, it is highly recommended that you use the built-in RSS infrastructure rather than parsing the data yourself. We’re not saying the RSS platform is impervious to attacks, but we have spent countless hours hardening it against assault. For example, the platform sanitizes feed content (Microsoft 2006a) and strips out script before storing the content. The code that does this sanitization was developed in Office and is derived from the code used to successfully sanitize billions of Hotmail email messages.

Important: Of course, we can’t expect you to rewrite your product to use the RSS platform in Windows Vista, but if you are building a product that includes RSS support, then you should seriously consider using the RSS platform in Windows Vista.

The Windows RSS platform offers two COM interfaces: a vtable version for C/C++ developers starting with the IXFeedsManager interface, and a late-bound IDispatch-derived interface named IFeedsManager. You must include <msfeeds.h> in your code to access these interface definitions.

A full treatment of the Windows RSS platform is beyond the scope of this book; you can find more information about it at MSDN (Microsoft 2006b). To give you a feel for how to use the RSS infrastructure, the following code enumerates all feeds in the root folder and displays each feed’s name, URL, and item count.

    // Requires <windows.h>, <atlbase.h> (for CComPtr), <msfeeds.h> and <stdio.h>.
    HRESULT hr = CoInitialize(NULL);
    if (FAILED(hr))
      return hr;

    CComPtr<IXFeedsManager> spIXFeedsManager;
    hr = spIXFeedsManager.CoCreateInstance(CLSID_XFeedsManager, NULL, CLSCTX_INPROC_SERVER);
    if (FAILED(hr)) {
      CoUninitialize();  // balance the successful CoInitialize before returning
      return hr;
    }

    // Get the root folder of the feed store.
    CComPtr<IXFeedFolder> spIXRoot;
    hr = spIXFeedsManager->RootFolder(IID_PPV_ARGS(&spIXRoot));
    if (SUCCEEDED(hr)) {
      CComPtr<IXFeedsEnum> spIXFeedsEnum;
      hr = spIXRoot->Feeds(&spIXFeedsEnum);
      if (SUCCEEDED(hr)) {
        UINT uiFeedCount = 0;
        hr = spIXFeedsEnum->Count(&uiFeedCount);
        // Walk the feeds from the last index down to 0.
        while (uiFeedCount && (SUCCEEDED(hr))) {
          CComPtr<IXFeed> spIXFeed;
          hr = spIXFeedsEnum->Item(--uiFeedCount, IID_PPV_ARGS(&spIXFeed));
          if (SUCCEEDED(hr)) {
            // Strings returned by the platform must be freed with CoTaskMemFree.
            LPWSTR wszName = NULL;
            if (SUCCEEDED(spIXFeed->Name(&wszName))) {
              wprintf(L"%s", wszName);
              CoTaskMemFree(wszName);
            }
            LPWSTR wszUrl = NULL;
            if (SUCCEEDED(spIXFeed->Url(&wszUrl))) {
              wprintf(L" from %s", wszUrl);
              CoTaskMemFree(wszUrl);
            }
            UINT cItems;
            if (SUCCEEDED(spIXFeed->ItemCount(&cItems))) {
              wprintf(L" has %u items.\n", cItems);  // cItems is unsigned
            }
            spIXFeed = NULL;
          }
          // Refresh the enumerator before reading the next feed.
          spIXFeedsEnum = NULL;
          if (uiFeedCount)
            hr = spIXRoot->Feeds(&spIXFeedsEnum);
        }
      }
    }
    // Release all COM pointers before uninitializing COM.
    spIXRoot = NULL;
    spIXFeedsManager = NULL;
    CoUninitialize();
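
The late-bound IFeedsManager interface mentioned above can be driven from script. The following PowerShell is an added example, not code from the book: it walks every folder of the feed store rather than only the root, and flags feeds fetched over plain HTTP or set to download enclosures automatically. The function name Get-FeedInventory and the two review flags are this example's own choices, and it assumes the Microsoft.FeedsManager ProgID is registered on the machine.

```powershell
# Added example (not from the book): inventory of the Windows RSS feed store
# through the late-bound IDispatch interfaces (IFeedsManager, IFeedFolder, IFeed).
# Get-FeedInventory is a hypothetical name chosen for this example.

function Get-FeedInventory {
    param(
        # IFeedFolder to walk; when omitted, start at the root folder.
        $Folder
    )

    if (-not $Folder) {
        $manager = New-Object -ComObject Microsoft.FeedsManager
        $Folder  = $manager.RootFolder
    }

    # Feeds directly inside this folder (indexed access via Count/Item).
    $feeds = $Folder.Feeds
    for ($i = 0; $i -lt $feeds.Count; $i++) {
        $feed = $feeds.Item($i)
        [pscustomobject]@{
            Path           = $feed.Path
            Name           = $feed.Name
            Url            = $feed.Url
            ItemCount      = $feed.ItemCount
            # Review flags (assumptions of this example, not platform features):
            # content fetched without TLS can be modified in transit,
            PlainHttp      = $feed.Url -notmatch '^https://'
            # and automatic enclosure download writes remote files to disk.
            AutoEnclosures = [bool]$feed.DownloadEnclosuresAutomatically
        }
    }

    # Recurse into subfolders so nested subscriptions are not missed.
    $subfolders = $Folder.Subfolders
    for ($i = 0; $i -lt $subfolders.Count; $i++) {
        Get-FeedInventory -Folder $subfolders.Item($i)
    }
}

# List every feed, with the ones that need review first.
Get-FeedInventory |
    Sort-Object -Property PlainHttp, AutoEnclosures -Descending |
    Format-Table -AutoSize
```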



Writing Secure Code for Windows Vista
Writing Secure Code for Windows Vista (Best Practices (Microsoft))
ISBN: 0735623937
EAN: 2147483647
Year: 2004
Pages: 122
