Feedsplitter

Feedsplitter LogoAn RSS to HTML to Javascript newsreader, so you can easily include newsfeeds on your webpages using <script> tags. It's written in PHP, for installation on any webserver.

Live Demo: http://chxo.com/feedsplitter/index.php

Download: get the lastest from here

Security Alert: This is release is a critical upgrade.

Featured:

What Is Feedsplitter?

Feedsplitter is a PHP script that converts RSS or RDF newsfeeds into HTML, Javascript, or whatever format you want. Display random entries, just the channel image, or use custom stylesheets -- Feedsplitter separates content and display using a simple XML template system.

Feedsplitter enables the display of fully-styleable dynamic content on static HTML pages, by means of a javascript include like
<script src="feedsplitter.php?feed=yourfeed.rss&format=js"></script> 
embedded in the page.

There is an interactive demo online.

You can install feedsplitter on any PHP-enabled web server (v4 or better). It should work with most shared webhosts. See the Feedsplitter Homepage for download information.

Oct 29, 2006:

Bug-fix Release

Javascript templates now return proper text/javascript headers.
download: feedsplitter-2006-10-29.tar.gz.
md5: 90b1fc91540da0f23bc487e0ea87fe4e

Sep 19, 2006:

Mandatory Upgrade: Feedsplitter 2006-09-19

Mandatory upgrade. This fixes the issues articulated in this post. I'm sorry this took so long to fix, the author was unable to contact me (or didn't try), and I don't follow bugtraq closely. Please click through for details and new code.

This release fixes a damned embarassing directory traversal exploit, whereby an attacker could potentially read any .xml file readable by the webserver user, if they know the exact path.

This release also fixes a potential cross-site scripting exploit.

This release also removes a situation where an attacker could potentially inject php code into the RSS feed. I wasn't able to get this exploit to work, but the potential had to be addressed. This release does not eval() any part of the feed, ever.

Finally, I added a built in test feed to prove that php and xss attacks cannot be embedded in feeds. I heartily welcome any additional tests, please let me know.

If you haven't already "subscribed to this folder" you should. There will be updates, and you'll want to get an email.

The tarball is here: feedsplitter-2006-09-19.tar.gz
md5: 4cd12f22909f5b8641bf0115a76ce6cb

Again, you MUST UPDATE your feedsplitter installation, or stop using it. I apologize, profusely, for the inconvenience.

Jan 21, 2006:

Announcing Feedsplitter 2006-01-21

This is a bugfix release, with rewritten install instructions, updated feeds in the demo page, and a new logo. :-)

Download the tarball here: feedsplitter-2006-01-21.tar.gz.

Feb 19, 2004:

Announcing Release 2004-02-19

A new version of feedsplitter is available, which includes the following upgrades:
  1. Unicode characters in feeds are now handled correctly
  2. Feedsplitter sends appropriate HTTP cache headers, MUCH more efficient
  3. Configuration has been moved to a separate file, and local configuration won't be overwritten by upgrades.
  4. A configuration value ($hosts_allowed) allows you to restrict feedsplitter use to pages on your website.

The source tarball is here

If you're looking for the install file it's in the next version. Thanks for the feedback, y'all. Pay me next time.

Many thanks to Scott McDowell, Edward Spodick, and Peter Scott for their suggestions and patches!

Jun 17, 2003:

Released! 2003-06-17

CHXO is pleased to announce the release of Feedsplitter version 2003-06-17. New in this release are a template to support "XHTML over Javascript" (demo) and a template oriented toward sidebar newsfeeds via Javascript (demo).

See "more" to download.
 more»

Jun 13, 2003:

Feedsplitter Update Coming Soon

More news is good news. Feedsplitter is getting an upgrade as part of Berylium2. In fact, Feedsplitter.php will become the official newsfeed rendering engine for all Berylium sites.

Jan 31, 2003:

Enhanced XML Parsing In PHP

It seems that our parser is choking on certain HTML entities, like ö -- what to do? Update: This is technically a problem with improper CDATA quoting in newsfeeds. But it isn't going to go away.
 more»

Jan 28, 2003:

Feedsplitter, vol. 1

Feedsplitter weblog starting up. Since Feedsplitter.php is a tool for parsing and displaying RSS/RDF newsfeeds, I think it only fair that its website be run as a newsfeed. This is a berylium folder at http://chxo.com/berylium/software/feedsplitter/index.html.

This is the last page of Feedsplitter.

Feedsplitter: a folder

permalink - RSS Newsfeed

jump to top