[Standards] Call for Experience: Advancement of XEP-0071 (XHTML-IM) to Final

Joe Hildebrand (jhildebr) jhildebr at cisco.com
Fri Oct 12 17:20:15 UTC 2012

On 10/12/12 7:53 AM, "Peter Saint-Andre" <stpeter at stpeter.im> wrote:

>>> (I also wonder why we don't support <q/> for inline quotation...)
>> Yes, it seems that the set of allowed tags should be reviewed too.
>Maybe. :) I'm sure we had good reasons for the limited subset we defined
>in 2003-2004, and I am not sure we want to reconsider every element and
>attribute when the XEP is so mature.

IIRC, the goal was to have as small a subset as possible where we had
thought about how each of the pieces could be used as an attack vector.
What suffered in the process was the ability to take random HTML from a
web page or other application and paste it in without losing markup.  A
good example of this is pasting from Excel, which generates <table>'s.  I
know of at least one set of clients that allows <table>, <tr>, etc. to be
both sent and received, in contravention of the XEP, due to customer

The thing I know we missed was the sender styling a message that contains
a newline so that the receiving client renders a line that looked like the
receiver sent a message they didn't send.  We should probably add some
text that recommends indenting subsequent lines or otherwise
distinguishing sent text from received text.

Joe Hildebrand

More information about the Standards mailing list