Loading External RSS with XmlWebPart

Topics: Developer Forum
Sep 18, 2009 at 5:18 AM

Hi,

I am trying to load an external RSS file for testing purposes with the default Xml Web Part but the webpart just shows the a continuous loading image. Is there something I am missing out?

I am also looking into creating a Ajax enabled SharePoint RSS Aggregator, would extending the xml web part be a good starting point?

Regards,

Nick

Sep 18, 2009 at 7:56 PM

YES! You'll need to load a local URL. So write an HTTP handler proxy for whatever content you're getting-- but you are ALSO responsible for security when you do that, so be sure to sanitize any content to prevent malicious code such as XSS attacks.

Sep 19, 2009 at 1:19 AM

I see, this is similar to how NewsGator implements its RSS aggregate feeds? Does the handler approach have any performance hits to it?

We are looking for a way to possibly use just Ajax so that the xml retrieval and aggregation/transformation are all done in the client side, would this be possible in Ajax?  The RSS Aggregator will be on the home page of our site and might contain a large number of feeds to aggregate per user thus the approach to just have it all done client side.

Sep 23, 2009 at 3:19 PM

Yes! We actually use the SharePoiont Ajax Toolkit, and specifically the Ajax XmlWebPart, for our commercial product "NewsGator Social Sites" (of which RSS aggregation is only a minor functionality).

An IMPORTANT thing for you to realize is that you MUST handle data cleansing on the server. Otherwise your AJAX code can be opening up all sorts of XSS and other scripting attacks. The NewsGator backend server handles this for us, and outputs server-aggregated data that is then loaded and rendered from the client.

Have you loked into using the NewsGator server for this? I'd recommend it, there's a lot of engineering our team put into it to make aggregation really easy. Otherwise, I'd recommend a server side approach for the aggregation itself since you NEED to scrub that content. Keep in mind that most SharEPoint environments MAY be runing as "trusted sites" in IE (not necessarily best, but possible), so you don't want your users to trust unfiltered external content with the same trust as native sharepoint coontent. MS has an AntiXSS library that you may want to check out, which is also on Codeplex.