Show HN: rust-rss – library for serializing the RSS web content format

Nice! It&#x27;s good to see libraries like these popping up, adding more value to the Rust ecosystem.<p>Coming from Ruby and Rails, I&#x27;m excited to dive into low-level programming with Rust. It is just so refreshing to have control over stuff that is totally abstracted away in Ruby, while being safe enough just to not shoot myself in the foot each time.

I dont know Rust, but I think this could be vulnerable to XXE attacks[1]. Back in the day I fixed all the Java RSS libraries so now I always look for it. It&#x27;s not exactly an obvious problem.<p>Also you should add RSS 1.0 (RDF) and Atom support.<p>[1] <a href="https:&#x2F;&#x2F;www.owasp.org&#x2F;index.php&#x2F;XML_External_Entity_%28XXE%29_Processing" rel="nofollow">https:&#x2F;&#x2F;www.owasp.org&#x2F;index.php&#x2F;XML_External_Entity_%28XXE%2...</a>

A quick look shows that RustyXML doesn&#x27;t have complete error-checking when building a tree, so it&#x27;s possible to get this library to generate output that isn&#x27;t well-formed XML (hi parse-errors!), which should be a worry if you&#x27;re taking input from other sources (with arbitrary strings).

Wow, just now I needed something like this for my rust package!