Adrian Sutton blogs about the lack of CSS support in RSS aggregators, and concludes:
"There has been a huge push in recent years to move away from the old habits of early HTML and to leverage CSS for presentation – the fact that it doesn’t work in feed readers is a major pain for people trying to do the right thing. It’s good that we identified a security threat and dealt with it quickly – but it’s not acceptable to stop there. We need to work to get the functionality that we used to have back without reintroducing the security risks. It’s not simple, but it is important."
That’s a valid point, and I’m glad Adrian raises it. As the author of both an HTML/CSS editor (TopStyle) and an RSS aggregator (FeedDemon), this is something that I’ve wrestled with quite a bit. On the one hand, I’ve promoted the power of CSS by creating a web authoring tool tailored for building CSS-based sites, yet on the other hand I’m taking that power away by creating an RSS reader that removes CSS from feeds. What gives?
It all started back in 2003, when Mark Pilgrim’s "platypus prank" illustrated how feeds containing CSS could be a problem. Most RSS aggregator developers (myself included) tackled this problem by completely removing all styles from feed content. Since then, I’ve experimented with stripping only "unsafe" CSS from feeds, and despite Adrian’s claim that doing so requires a lot of work, it’s actually quite easy to do (especially for me, since I already have code in TopStyle that could do this, and it would be painless to plunk it into FeedDemon).
The real problem isn’t security, though: it’s presentation (ironically). Leaving styles intact makes sense if you’re reading one post at a time, but it makes less sense in a river of news where posts from multiple feeds flow down the page. The purpose of a river of news isn’t to retain the presentation of any single post, but instead to provide a common presentation for all posts, making it easy to pick out the ones that interest you. If each post had its own style, you could end up with river of news that looks like a ransom note. Given how some bloggers and MSM outlets will do anything to grab your attention, I’ll wager that outcome is far from unlikely.
Another problem – and this is one that bothers me when I don the TopStyle hat – is that if I followed Bloglines’ approach and permitted a whitelist of inline styles, then feed authors couldn’t use classes defined in an external style sheet. In other words, they’d be forced to resort to using style attributes on individual HTML tags, which kills the maintenance benefit of using CSS in the first place. To me, the best thing about CSS is that it enables storing a site’s presentation in a single file – just change the external style sheet, and that change will be reflected site-wide. This benefit is lost when you use inline styles.
So, perhaps the real question isn’t whether RSS aggregators should support inline styles, but whether they should also support external styles as well? Despite my love for CSS, my vote would be no – not because it would be hard to do, but because of the potential impact on the feed-reading experience.
And if only inline styles are supported, which ones make the cut? Personally, I’d want a smaller whitelist than the one Bloglines supports, and I’d also want to make sure that properties such as "float" don’t impact subsequent posts in a river of news view.
Update: Sam Ruby points out that there’s a Sanitation Rules wiki devoted to this topic.
Personally I am quite happy with stripped styles in RSS. I read RSS feeds for content, not UI. If I want the full CSS / UI experience I’ll go to the website for that.
Hey Nick,
Thanks for responding to this, you raise some really good points. I tend to agree that external CSS shouldn’t be included – that’s the CSS that really is all display. Inline CSS seems different to me though – that’s the styles that were somehow special and different to the rest, there’s a pretty good chance that they are actually a part of the content rather than part of the design.
That said, I’m well aware of the unfortunate reality that lots of people abuse inline CSS so having the option to strip styles is probably useful. I wonder though, do you strip other HTML formatting tags like font?
Lots to think about, I’ll probably revisit this issue, so thanks for getting me thinking.
Floats can be prevented from affecting subsequent content by using a “block formatting context”. overflow:hidden is the simplest way to achieve this.
I agree with Lux – the good thing about feed readers is they give a uniform presentation instead of having to wade through differing appearances from all the sites.
I personally wouldn’t change a thing.
I personally would like the choice of enabling styles on a per feed basis.
This way I can enjoy the well behaved feeds, and if some misbehave, I just disable their styling.
I think that good designers would make the right choices to enhance their posts, even on a “river of news” style reader