[Standards] <[CDATA[ in XMPP
rcb at ceruleanstudios.com
Tue Jul 31 00:37:29 UTC 2007
On Jul 30, 2007, at 5:28 PM, Robin Redeker wrote:
> On Mon, Jul 30, 2007 at 05:12:16PM -0700, Rachel Blackman wrote:
>> Can I use <[CDATA[ in, say, roster additions or removals? If I'm
>> using it there, how do I need to process the text on the server-side
>> for the JIDs? If I send ' stpeter at jabber.org' as a CDATA element --
>> allowing the space in there -- how do I handle escaping it on the
>> server side? Do I just store it as ' stpeter at jabber.org' in the
>> roster? Do I need to re-escape it before sending it back? Do I need
>> to determine that the JID requires escaping, and so send that roster
>> item as a <[CDATA[ block? Does it show up as the same JID or
>> different than \20stpeter at jabber.org? Etc.
> ' stpeter at jabber.org' is not (yet) a valid JID.
> And you can already send such a JID to the server:
> <message to=" stpeter at jabber.org" ...
> I would expect the server to give me an error.
> On top of that is JID escaping in a completely different layer
> than XML escaping.
But we're discussing MAKING it a valid JID. I'd argue that if we're
discussing these things, we should consider the implications of such
changes during the course of the discussions. We are discussing
multiple methods of escaping data; if we really want more than one
way to do something, then we have an obligation as those laying down
the standards to determine how those different methods interact.
If I send '<item> stpeter at jabber.org</item>' to the server in a
roster add/remove request, it will almost certainly eat that
whitespace at the beginning. Now we're talking about making that,
for instance, '<item>\20stpeter at jabber.org</item>' with JID escaping,
so that you could actually have that space there. Okie, that's fine.
But now let's say I do '<item><![CDATA[ stpeter at jabber.org]]></item>'
-- is that processed as ' stpeter at jabber.org' (with the raw space),
thus requiring a CDATA block any time you want to refer to that JID?
Or is the burden on the server to convert it to \20stpeter at jabber.org
for the sake of compatibility, or what?
If it gets stored as a raw space, then you would have the possibility
of ' stpeter at jabber.org' and '\20stpeter at jabber.org' both being in
your list (and being visually identical in the client, but not
identical from an XMPP standpoint). Given that we consider the
present implementation of /caps/ to be a security hazard, I'd think
the ability to have visually identical JIDs which point to entirely
different people would count as a much larger one.
This is what I mean by added complexity from CDATA. :)
Rachel Blackman <rcb at ceruleanstudios.com>
Trillian Messenger - http://www.trillianastra.com/
More information about the Standards