[jdev] Re: XHTML-IM XEP implementation

Ralph Meijer jabber.org at ralphm.ik.nu
Fri Jan 5 06:51:18 CST 2007

On Thu, 2007-01-04 at 11:57 -0700, Peter Saint-Andre wrote:
> So many times people have brought this up, but at no time has anyone 
> written up a spec for it. I wonder why?
> Do you want to include *all* XHTML content? Scripts? Media objects? Forms?
> If so, feel free to write up a spec for that. To me, it seems like a bad 
> idea.

Indeed. And on top of that, client implementations that support
XHTML-IM, are strongly urged to sanitize incoming messages instead of
blindly feeding it to an embedded HTML renderer. This is how malware
gets its chance.

This also goes for a possible XHTML document enclosure XEP, or any other
non-local data for that matter.



More information about the JDev mailing list