[Standards] LAST CALL: XEP-0232 (Software Information)

Joe Hildebrand hildjj at gmail.com
Thu Jan 22 22:45:48 UTC 2009


On Jan 21, 2009, at 2:31 PM, Remko Tronçon wrote:

> Shouldn't it be specified how the 'value' field should be interpreted
> for things like 'icon' etc.? Should this be limited to http URIs? I
> guess it is with data forms, because you can only have one string as a
> value child?

Yes, this should be specified.

> Shouldn't the security considerations mention something about fetching
> the icons OOB? (i.e. exposing unwanted information about location
> etc., potential malicious files, ...)

Yes.  Particularly since there have been attacks against various image  
libraries.


More information about the Standards mailing list