[Standards] Proposed XMPP Extension: Message Markup

Goffi goffi at goffi.org
Wed Nov 8 09:28:24 UTC 2017


Le mercredi 8 novembre 2017, 10:11:52 CET Jonas Wielicki a écrit :
> On Mittwoch, 8. November 2017 08:29:49 CET Georg Lukas wrote:
> > * Goffi <goffi at goffi.org> [2017-11-08 08:17]:
> > > about the stars in the list items, it's not really nice to keep them.
> > > 
> > > It would be good to have an attribute to say which plain text characters
> > > can be safely removed without changing the meaning.
> > > For instance type="numeric" means than "^[0-9]+\)" can be removed,
> > > type="star" mean that the first character must be a "*" and it can be
> > > removed.
> > 
> > That's a nice idea. We need a mechanism where characters can not be
> > removed (so we can't end up different meanings depending on client
> > capabilities), but replaced in a fashion that is directly mapped to the
> > body. Rendering a number at the beginning of an item differently, or
> > replacing a "* " with some bullet point seems like a sane (albeit
> > slightly complex) approach.
> 
> This isn’t trivial, depending on the level of safety we want against
> spoofing attacks. For example, ordered lists usually come in different
> shapes, even though *western* people usually only use arabic numerals,
> probably closely followed by alphabetic lists, I can see other locales
> using e.g. japanese numerals. At that point any simple "strip the number
> until the next dot +whitespace" rule falls apart.
> 
> More complex rules and erasing of characters in general open the door for
> possible attacks which need to be thought about (by removing critical parts
> of a message with plausibly deniable markup), which is why I omitted that
> functionality them for now. It can be added later thanks to the "clients
> MUST ignore unknown elements and attributes" rule (clients which do not
> understand it will simply leave the characters in place).
> 
> I can’t think of good examples right now, but that doesn’t mean that those
> attacks aren’t there, unfortunately. It would also be nice to be able to
> specify erasing of for example "*" for emphasized text, which would give us
> nice compatibility with the Message Styling proposal.
> 
> In any case, *if* such a thing is added to the XEP, the set of characters
> which can be erased by each markup must be thought about carefully and it
> must be restricted. I fear that this might end up being easy to get wrong.
> 
> kind regards,
> Jonas


I agree this is tough and may be an extension to this XEP. I was suggesting a 
restricted set though, not trying to cover every way to present list in text. 
If we use a markup (and declare it), then it's reasonable to restrict to a 
unique way to do a numerical list, just to be compatible with text client. In 
the same spirit, unordered list can be restricted solely to "*", forgetting 
about "-", "+" or other "o".

For bold or italic markup, I think this may be more complicated, as the word 
can be anywhere in the sentence and the meaning could be changed (and we are 
back in putting ugly markup in the body, even if this time we can remove it 
and there is not more ambiguity, so this is more acceptable).

Anyway, let's first see if this protoXEP go to an official number.

++
Goffi


More information about the Standards mailing list