RSS Feeds Tests Made Public

Microsoft RSS Team senior program manager Sean Lyndersay has made a blog entry pointing to a suite of feeds tests made publicly available by James Snell. Based on a similar initiative from James Holderness, Snell's tests have evolved in volume and complexity, and were previously available only to aggregator developers. Lyndersay admitted that Microsoft has implemented Snell's resources in order to test the security mitigations related to the Internet Explorer 7 RSS platform. But while IE7 has proven bulletproof in all the testing sessions, Snell revealed on his blog that additional Feed Reader developers used the tests to identify and plug vulnerabilities in their products.

"James' original tests are targeted at RSS. I've gone through and ported all of his tests over to Atom 1.0 and expanded the suite to 1,397 individual tests checking a broad range of potential threat vectors (most of which are simple variations of each other). For many of the tests, if your feed reader properly handles the difference between text, HTML and XHTML, you won't see any problems. However, some of the tests even manage to trip up the Universal Feed Parser," wrote Snell.

For all interested, Snell's suite of tests can be found here:
http://www.snellspace.com/public/everything.atom
http://www.snellspace.com/public/everything2.atom
http://www.snellspace.com/public/everything3.atom
http://www.snellspace.com/public/everything4.atom
http://www.snellspace.com/public/everything5.atom

Follow the editor on Twitter @mariusoiaga