[Standards] how to treat invalid XMPP?

Peter Saint-Andre stpeter at jabber.org
Mon Jul 16 17:43:44 UTC 2007


Jakob Schroeter wrote:
> Hi,
> 
> Apparantly there is a number of software packages that generates invalid XMPP. 
> I've seen at least unescaped ' and " in attribute values and character data, 
> respectively.
> 
> http://www.xmpp.org/rfcs/rfc3920.html#xml states that an XMPP implementation 
> must not generate such unescaped characters, and when it "receives such 
> restricted XML data, it MUST ignore the data".

Per earlier list discussion, that has changed in rfc3920bis:

http://www.xmpp.org/internet-drafts/draft-saintandre-rfc3920bis-03.html#xml-restrictions

The working text is as follows:

******

12.1.  Restrictions

XMPP is a simplified and specialized protocol for streaming XML elements
in order to exchange structured information in close to real time.
Because XMPP does not require the parsing of arbitrary and complete XML
documents, there is no requirement that XMPP needs to support the full
feature set of [XML] (Paoli, J., Maler, E., Sperberg-McQueen, C.,
Yergeau, F., and T. Bray, “Extensible Markup Language (XML) 1.0 (Fourth
Edition),” August 2006.). In particular, the following features of XML
are prohibited in XMPP:

    * comments (as defined in Section 2.5 of [XML] (Paoli, J., Maler,
E., Sperberg-McQueen, C., Yergeau, F., and T. Bray, “Extensible Markup
Language (XML) 1.0 (Fourth Edition),” August 2006.))
    * processing instructions (Section 2.6 therein)
    * internal or external DTD subsets (Section 2.8 therein)
    * internal or external entity references (Section 4.2 therein) with
the exception of predefined entities (Section 4.6 therein)
    * character data or attribute values containing unescaped characters
that map to the predefined entities (Section 4.6 therein); such
characters MUST be escaped

An XMPP implementation MUST behave as follow with regard to these features:

   1. An XMPP implementation MUST NOT inject characters matching such
features into an XML stream.
   2. If an XMPP implementation receives characters matching such
features over an XML stream, it MUST return a stream error, which SHOULD
be <restricted-xml/> but MAY be <bad-format/>.


******

Peter

-- 
Peter Saint-Andre
https://stpeter.im/


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7354 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20070716/eb3d25fd/attachment.bin>


More information about the Standards mailing list