[Standards] LAST CALL: XEP-0232 (Software Information)
hildjj at gmail.com
Thu Jan 22 22:45:48 UTC 2009
On Jan 21, 2009, at 2:31 PM, Remko Tronçon wrote:
> Shouldn't it be specified how the 'value' field should be interpreted
> for things like 'icon' etc.? Should this be limited to http URIs? I
> guess it is with data forms, because you can only have one string as a
> value child?
Yes, this should be specified.
> Shouldn't the security considerations mention something about fetching
> the icons OOB? (i.e. exposing unwanted information about location
> etc., potential malicious files, ...)
Yes. Particularly since there have been attacks against various image
More information about the Standards