[Standards] Proposed XMPP Extension: Styling

Jonas Wielicki jonas at wielicki.name
Tue Nov 7 12:02:54 UTC 2017


On Montag, 6. November 2017 15:25:00 CET Sam Whited wrote:
> Although, in retrospect the body is escaped so this isn't as
> likely as XHTML-IM to be a problem unless you unescape and them dump it
> into the DOM (which is a problem regardless of what formatting spec you
> use).

Could you clarify? I can’t see anything in the XEP which mandates escaping 
(which wouldn’t help either with malicious senders).

When I put "<b>foo</b>" into a message, it will be sent as:

<body><b>foo</b></body>

Which every sane XML library will hand to the receiving application as a 
string containing "<b>foo</b>". At which point, if you pour that into a 
default markdown thing, you get HTML in the output.

kind regards,
Jonas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.jabber.org/pipermail/standards/attachments/20171107/49492eaa/attachment.sig>


More information about the Standards mailing list