[jdev] Re: XHTML-IM XEP implementation
bz at datenkueche.com
Fri Jan 5 07:15:13 CST 2007
I'm looking for a xss filter, but couldn't find a xslt based
filter for xhtml.
I make browser based jabber clients and the problem with
to take over the account - that's not good.
Here I tried to make a filter:
If somebody has a better filter please tell me. Otherwise feel free to
test and improve it.
> Indeed. And on top of that, client implementations that support
> XHTML-IM, are strongly urged to sanitize incoming messages instead of
> blindly feeding it to an embedded HTML renderer. This is how malware
> gets its chance.
> This also goes for a possible XHTML document enclosure XEP, or any other
> non-local data for that matter.
More information about the JDev