[JDEV] New html tag in messages

[dlb]

From: "Richard Dobson" <richard at dobson-i.net>
> I think that is a remote possiblity and even if it does it is the sign of
a
> badly programmed client and not a fault with the protocol.

exactly
I doubt that a nested iq or message element could be exploited to run
anything - it wouldn't be recognized by the server and isn't relevant to
HTML.  A bigger concern IMO would be common script , object , img tag, and
buffer overflow, exploits where the client is using the Web Browser Control
a/o MSHTML.  You'd have the same vulnerabilities as the installed version of
IE.