[jdev] Re: XHTML-IM XEP implementation
Ralph Meijer
jabber.org at ralphm.ik.nu
Fri Jan 5 06:51:18 CST 2007
On Thu, 2007-01-04 at 11:57 -0700, Peter Saint-Andre wrote:
> So many times people have brought this up, but at no time has anyone
> written up a spec for it. I wonder why?
>
> Do you want to include *all* XHTML content? Scripts? Media objects? Forms?
>
> If so, feel free to write up a spec for that. To me, it seems like a bad
> idea.
Indeed. And on top of that, client implementations that support
XHTML-IM, are strongly urged to sanitize incoming messages instead of
blindly feeding it to an embedded HTML renderer. This is how malware
gets its chance.
This also goes for a possible XHTML document enclosure XEP, or any other
non-local data for that matter.
--
Groetjes,
ralphm
More information about the JDev
mailing list