Code review of feed to html console application


#1

Hi there

I’ve written a console application in Rust and would like some feedback on where I could improve:

  • readability
  • pitfalls
  • general usage of Rust

The source code is located here: feed2html_rs

My program reads a list of RSS or Atom feeds from a SQLite3 database and saves the entries back to the database. Code for this is located in src/read/lib.rs.

Then it writes all entries to a static HTML file for each feed and this code is located in src/write/lib.rs.

And lastly it uploads the static HTML files to an FTP server for later browsing and you’ll find the code in src/upload/lib.rs

You’re welcome to dig into any parts of the code if you want.

I welcome any constructive criticism you might have


#2
  • Escape all values you insert into HTML. Inconsistent handling of entities and HTML in feeds is a pain for creators, and in some cases could be an XSS risk for consumers.

  • path.join() doesn’t care about the content of the argument, so join("a").join("b") can be join("a/b").

  • Interesting that you put extern crate in each module. I put them all in the root. Fortunately they’re all going away in Rust 2018 :slight_smile:


#3
  1. Check. Seems reasonable and the right thing to do. By escaping my HTML are you referring to any script tags there might be in the source?
  2. I was chaining path.join() because I wanted to be sure it worked on Windows as well as on *nix and I didn’t think of trying your suggestion.
  3. I was getting compile-time errors when having all extern crate in root so I moved them into each module knowing I would repeat some of them. Good to know they are going away.

#4

And lastly thanks for the feedback


#5

I’m referring to every single value, like URLs and titles, that you put in HTML. Everything that is not explicitly formatted markup should be escaped. I use ructe templates to automatically escape all variables. In case you’d be printing descriptions (which are HTML), you can use ammonia to remove potential invalid/unsafe HTML from them.
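
The escaping advice above, as an added example that is not part of the original post and not code from feed2html_rs: a std-only sketch that escapes a feed entry's title and link before writing them into HTML, and drops links that are not http(s). The names `escape_html`, `safe_href` and `render_entry` and the sample entries are assumptions made for illustration; a template engine such as ructe does the escaping step automatically.

```rust
/// Hypothetical helper: escape untrusted text for element content and quoted attribute values.
fn escape_html(input: &str) -> String {
    let mut out = String::with_capacity(input.len());
    for c in input.chars() {
        match c {
            '&' => out.push_str("&amp;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            '"' => out.push_str("&quot;"),
            '\'' => out.push_str("&#39;"),
            _ => out.push(c),
        }
    }
    out
}

/// Hypothetical helper: allow only http(s) links, since entity escaping does not vet the URL scheme.
fn safe_href(url: &str) -> Option<&str> {
    let trimmed = url.trim();
    let lower = trimmed.to_ascii_lowercase();
    if lower.starts_with("http://") || lower.starts_with("https://") {
        Some(trimmed)
    } else {
        None
    }
}

/// Render one feed entry as a list item; both arguments are untrusted feed data.
fn render_entry(title: &str, link: &str) -> String {
    match safe_href(link) {
        Some(href) => format!(
            "<li><a href=\"{}\">{}</a></li>",
            escape_html(href),
            escape_html(title)
        ),
        None => format!("<li>{}</li>", escape_html(title)),
    }
}

fn main() {
    // Constructed sample entries, not taken from a real feed.
    let entries = [
        ("Rust 2018 & you", "https://example.com/post?a=1&b=2"),
        ("<script>alert(1)</script>", "javascript:alert(1)"),
    ];
    for (title, link) in entries.iter() {
        println!("{}", render_entry(title, link));
    }
}
```

This covers plain-text values only; entry descriptions that are themselves HTML need a sanitizer such as ammonia, as the post says.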


#6

Ahh :bulb:. And thank you for the links :+1: