[JDEV] New html tag in messages
Peter Saint-Andre
stpeter at jabber.org
Mon Aug 19 09:36:40 CDT 2002
Yes, you can send something like this:
<message to='thing1'>
<body>hahaha</body>
<html xmlns='xhtml-basic'>
<message>another message!</message>
<iq>here's an iq!</iq>
<presence type='unsubscribe'/>
</html>
</message>
So what? A client is supposed to treat the stuff in the <html/> element
differently -- it's not real Jabber XML because it's not a direct child of
the <stream:stream/> element. Perhaps we need to make that clearer in the
documentation? Actually the XHTML namespace has not been converted to a
JEP yet, so I'd think this will be mentioned there.
But of course this is not limited to XHTML. I could do something like
this:
<presence to='thing1' type='subscribe'>
<more xmlns='messed-up'>
<presence type='unsubscribe'/>
</more>
</presence>
If the client receiving this does not understand the 'messed-up' namespace
it is supposed to ignore the stuff in the <more/> element. If 'messed-up'
is the client understands it (e.g., it is a valid namespace according to
the JSF and the client is protocol-compliant), then it knows what to do
with that nested presence element, but it certainly would not be treated
in the same way as a first-level presence element.
Peter
--
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.html
On Sun, 18 Aug 2002, Kriggs wrote:
> Right. I'm wondering if you can pass along some malicious tags in a <html/>
> block, such as <message/>, that some clients might pickup on and run even if
> they really shouldn't.
>
> -Kriggs
>
> On August 17, 2002 09:42 pm, you wrote:
> > I think that Kriggs in inquiring on the ability to nest IQ elements within
> > the HTML element - rather than the other way around.
> >
> > From: "Sami Haahtinen" <ressu at ressukka.net>
> >
> > > it doesn't really matter what you pass on in the <IQ/> as long as it's
> > > valid XML (which xhtml is) so you can add your own tags to the set as
> > > you wish.
> > >
> > > Sami
> >
> > _______________________________________________
> > jdev mailing list
> > jdev at jabber.org
> > http://mailman.jabber.org/listinfo/jdev
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
>
More information about the JDev
mailing list