flickr photo shared by The U.S. National Archives with no copyright restriction (Flickr Commons)
I believe this is safe but I’m no security expert. Every thing I could find on XSS issues was focused on stealing passwords. WordPress feeds are all public and require no login so I think it’s all good. StackOverflow seems to agree.
With that hearty and confidence-inspiring endorsement, I give you this amazingly complicated plugin to allow access to all your WordPress feeds from other stuff (like Kin’s github rss reader)1 All simple stuff really, the key piece was getting the right trigger pre_get_posts. Otherwise it was called too late. is_feed is the other little handy piece which Tim Owens mentioned . . . and I subsequently used.
I passed, thanks.
What did I do wrong? Did I fail to install your hacky, unsafe plugin so the North Koreans will get my latitude and longitude?
While accurate, I take offense to those statements.
I have now complied, if my shit goes down I’m coming looking for you, Woodward!