Escaped characters in Views RSS style plugin for statuses

Sorry for the delay, I was on vacation -- I think it should be filter_xss(urldecode()) but thanks for the patch and I will try to commit this as soon as I can.

I don't know what I was thinking with urldecode(). Committed your patch to dev, thanks.

Actually, it should probably be this:

$status_text = _facebook_status_run_filter($status->status);
if (variable_get('facebook_status_nl2br', 0)) {
  $status_text = nl2br($status_text);
}
$item->title = $status_text;

That's consistent with the way it works everywhere else in FBSS. (And it's standard to allow those tags in RSS feeds.)

Maybe it would be better to put the status in the "description" element though -- but then I don't know what would go in the title... maybe filter_xss($status->status, array()) for the title and a "less clean" version in the description.

Twitter doesn't do that. The username of the creator of the tweet is in the title, but so is the tweet.

$args = array(
      '!poster' => filter_xss(theme('username', $poster), array()), // Not using $poster->name for realname compatibility
      '!owner' => filter_xss(theme('username', $owner), array()),
    );

I believe that the $user->name property works with realname as long as the user object is loaded directly (i.e. using user_load()). The global $user object is incomplete so $GLOBALS['user']->name doesn't work. Regardless, I won't accept filter_rss(theme('username', $account)). It's messy. It may be possible to do something like module_exists('realname') ? $account->realname : $account->name if necessary.

The literal binary double-right-chevron symbol (») can't be directly inserted into the code. It needs to be either the HTML (») or the unicode ("\xC2\xBB").

This also needs to be in patch format

Should we then let the status text in the title?

Yes, the patch looks good except for that.

+    if ($poster->uid == $owner->uid) {
+      $item->title = t('!poster: ', $args);
+    }
+    else {
+      $item->title = t('!poster » !owner: ', $args);
+    }
+    $item->title .= $status_text;

The status text should be part of the translation here. (For example, in a right-to-left language, the translation would have the status on the left; but if we append it after translating, it will always be on the right.)

Additionally, the version of the status that goes in the title should be filter_xss($status->status, array()), not the version with the input filter run over it.

Oh, yes, actually I meant to say that it should be e.g. @poster instead of !poster to make sure they are properly escaped. Other than that the patch looks good

Committed, thanks!