-
PAP0
quien vende cc
-
lovetox
i have some problem understanding the jid escaping
-
lovetox
it seem incompatible with jid splitting into its part
-
lovetox
say a user provides a string "user@host@example.com"
-
lovetox
to use jid escaping here, i need first to know what the localpart is
-
lovetox
as escaping must only be on localparts
-
lovetox
but the localpart here would be, "user" incorrectly
-
lovetox
RFC: Remove any portion from the beginning of the string to the first '@' character (if there is an '@' character present).
-
jonas’
lovetox, the user needs to provide an escaped JID if you use that input format
-
jonas’
JID escaping of stuff like @ is more interesting for transports than anything else
-
jonas’
I also think that you shouldn’t allow JID-escaping @. It opens the door for fun impersonation attacks.
-
lovetox
im trying to implement the XEP, the XEP goal is to escape userinput
-
lovetox
not that users escape it on their own
-
lovetox
it expicilty provides test vectors where userinput is unescaped
-
lovetox
im asking the question now, how the XEP thinks i should escape that jid, maybe im missing something
-
jonas’
well then, you can’t have it both ways ;)
-
Kev
In escaping, the hostname isn't escaped unless I'm misremembering.
-
jonas’
you can only safely escape the localpart if you take it as separate input
-
Kev
So that one you can safely escape because there's no resource part.
-
Kev
But if you gave e.g. user@something/user@something/user@something it'd be entirely ambiguous how to escape it.
-
Kev
As long as it's a bare JID you're escaping, you're ok.
-
jonas’
Kev, `user@host@example.com` is ambiguous already, isn’t it?
-
jonas’
(the example provided by lovetox)
-
lovetox
Kev, the JID parsing rules split on the first q✎ -
lovetox
Kev, the JID parsing rules split on the first @ ✏
-
Kev
Only if I misremember about not escaping hosts.
-
Kev
Let me see.
-
jonas’
Kev, no, you’re right about that
-
Kev
lovetox: But you're not parsing a JID.
-
lovetox
of course, user input is a JId
-
Kev
No, it's not.
-
jonas’
but is it localpart=user\40host, domain=example.com or is it localpart=user, domain=user@example.com
-
Kev
It's only a JID once you've done the escaping on it.
-
lovetox
Ok Kev, how do i find the domainpart in a string that is not a JID
-
Kev
jonas’: But user@example.com isn't a valid domainpart.
-
jonas’
Kev, aha!
-
jonas’
right
-
jonas’
so since @ cannot exist in a domainpart && you know that there is no resourcepart, you know where to split
-
Kev
So if you know that post-escaping it will be a bare JID, you look right-to-left for an @, and the remainder is escaped as the node
-
jonas’
(i.e. you can waive the splitting rules in RFC6122 and rsplit instead of lsplit because of htat)✎ -
jonas’
(i.e. you can waive the splitting rules in RFC6122 and rsplit instead of lsplit because of that) ✏
-
lovetox
ok are you sure about that
-
lovetox
did you just think that up right now?
-
jonas’
>>> aioxmpp.stringprep.nodeprep("@foo") Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/python3/dist-packages/aioxmpp/stringprep.py", line 159, in nodeprep check_prohibited_output( File "/usr/lib/python3/dist-packages/aioxmpp/stringprep.py", line 116, in check_prohibited_output raise ValueError("Input contains invalid unicode codepoint: " ValueError: Input contains invalid unicode codepoint: U+0040
-
eta
>_>
-
jonas’
@ is not allowed in the domainpart according to nodeprep
-
Kev
Yes, I'm sure that a domainpart in a JID can't contain an @
-
lovetox
thats not what i meant, you just described a parsing mechanism, that is nowhere described in the XEP, but seems needed to implement that
-
Kev
I am sure that if you are trying to escape input in order to produce a bare JID that you can do so in the manner I described, yes.
-
jonas’
lovetox, if it’s not allowed in the domainpart (which is true) && you do not support a resourcepart in your input, then it is safe to parse from the right side
-
jonas’
if you *do* support a resourcepart, then you cannot do that
-
Kev
I'm not pretending that 106 is well-written in how to practically escape stuff, BTW.
-
jonas’
oh
-
jonas’
Kev, we’re both wrong
-
jonas’
the domainpart is *nameprep*, not *nodeprep*
-
jonas’
nameprep allows @
-
jonas’
(disclaimer: unless buggy implementation on my side)
-
lovetox
it does only matter if idna allows @ in a domain part
-
Kev
I am convinced you can't have a @ in a domainpart. I could be wrong, but I am still currently convinced.
-
lovetox
thats correct
-
lovetox
IDNA2008 does not allow @
-
jonas’
Kev, nothing in https://tools.ietf.org/html/rfc3491 forbids @
-
jonas’
idna2003 seems to allow it though
-
lovetox
luckily i dont use that then :D
-
jonas’
bad thing that you can’t know what a domain registrar uses
-
lovetox
lucky that userinput is mostly bare jid
-
jonas’
but I think it’s fairly safe to assume that if someone has a domain with an `@` in it, it is going to break way more than just an XMPP client
-
lovetox
i cant come up with a case where a user might want to specify a full jid
-
jonas’
so I wouldn’t blame a client for breaking on that :)
-
jonas’
(especially if "breaking" is just escaping stuff, and not segfaulting or something crazy like that)
-
jonas’
lovetox, so go ahead
-
Ge0rG
who's using @ in the localpart anyway, instead of %, # or _?
-
lovetox
Users?
-
lovetox
you can’t know what a user types into the JID field :)
-
Kev
If you're doing escaping on it, it's not a JID field, it's an arbitrary input to be turned into a JID field ;)
-
jonas’
Kev, -fno-pedantic
-
Kev
Sometimes these things do matter.
-
jonas’
(I hope this gcc-level joke comes across)
-
Kev
And in this case, it actually does, because if you try using JID parsing rules on something that isn't a JID ,you have pain - as shown earlier!
-
lovetox
hm / is also not allowed with IDNA2008
-
lovetox
so could we not do a rsplit in @, afterwards do a first encounter / split on the result
-
lovetox
that would always produce domain and resource
-
lovetox
then we can even support resource user input
-
lovetox
oh damn @ is allowed in the resource
-
lovetox
forget what i said
-
Kev
I think the question has to be what you're trying to have the user enter.
-
lovetox
i think this cant be done perfectly
-
lovetox
i can give the user a hint, that he only should input bare jids
-
lovetox
but i cant really find out if he did that
-
lovetox
<a.example.com/b@example.net>
-
jonas’
not with JID escaping, indeed
-
jonas’
without JID escaping, that is a ufll JID✎ -
jonas’
without JID escaping, that is a full JID with empty localpart ✏
-
lovetox
correct with that example, JID parsing, and userinput parsing yield different results
-
lovetox
but i guess i can live with that :)
-
jonas’
yeah
-
jonas’
nobody needs to enter full JIDs manually anyways
-
lovetox
if / where disallowed to escape
-
lovetox
we could do split on first / then do a rsplit on @
-
lovetox
and everything would work
-
lovetox
and this parsing could then be used for jids and userinput
-
lovetox
at least with IDNA2008
-
lovetox
:)
-
lovetox
further question
-
lovetox
XEP says : * Note: The character sequence \20 MUST NOT be the first or last character of an escaped localpart.
-
lovetox
but it does not say what we have to do when we encounter such a JID on the wire
-
lovetox
because \20@asd.com is a valid JID
-
lovetox
does that mean i have to ignore the first \20
-
lovetox
and not convert it to a space
-
jonas’
lovetox, not convert it is probably the "right" thing
-
jonas’
since it would be an invalid JID otherwise
-
lovetox
no i meant unescape it
-
Ge0rG
at least the one with the least resulting damage
-
lovetox
means "\20call\20me@example.com" -> "\20call me@example.com"
-
jonas’
lovetox, yeah
-
Ge0rG
somebody should add such evil examples to the XEP
-
lovetox
jonas’, fyi you are missing that rule in your aioxmpp escaping code
-
lovetox
also a client that supports escaping, is not able to generate such a jid on the wire
-
lovetox
if the user inputs \20 at the start, it would be \5c20 on the wire
-
lovetox
hm so that means a user in my client can’t add a contact with such a JID
-
lovetox
thats insane, now i need an exception for that too
-
lovetox
This XEP is highly underspecified
-
jonas’
lovetox, this XEP is a terrible bandaid and I wouldn’t expose users to it at all
-
jonas’
in the sense that in any place where JIDs may be used for direct input, I’d show the JIDs as they are on-the-wire
-
jonas’
the only reason the aioxmpp implementation exists is to facilitate search and display on s.j.n, where you have a separate copy button which will copy the correctly-escaped version
-
lovetox
i wish i didnt spend the last 3 hours to implement that
-
lovetox
maybe i should just ignore that, and fuck the people who choose a JID that starts with \20 :D
-
lovetox
the problem is also that there are circumstances where you don’t know if a JID is escaped or not
-
lovetox
xmpp:call\20me@example.com
-
lovetox
is this escaped or not?
-
jonas’
I consider URIs to be on-the-wire
-
lovetox
thats the only way, because consider it escaped would not be backwards compatible
-
lovetox
hm, that would only influence how i display it
-
lovetox
so that would be fine
-
lovetox
so i should consider uris as escaped
-
lovetox
and take them as is to be backwards compatible
-
lovetox
hm maybe i should really only use this for displaying and not for input
-
lovetox
seems safer
-
lovetox
or i offer a button where user can disable escaping on input
-
lovetox
hm or what if i only escape \ when there are not allowed chars in the JID
-
lovetox
yeah if someone writes call/20me@example.com , i simply consider it escaped already✎ -
lovetox
yeah if someone writes call\20me@example.com , i simply consider it escaped already ✏
-
jonas’
that sounds like a reasonable plan
-
lovetox
and fuck the people who mix unescape and escaped sequences in the input
-
lovetox
why does that rule exist
-
lovetox
that we have to escape \20 to \5c20
-
lovetox
whats the danger when not doing that
-
jonas’
because what if a matrix user is called yo\20life
-
lovetox
hm in understand why i would receive \5c20
-
lovetox
but why do i have to transform this on my userinput
-
lovetox
im not a matrix client or a gateway
-
lovetox
hm i guess for the same reason, when the user wants his name displayed as \20
-
lovetox
not as space
-
lovetox
but hard to know what the user wants here
-
jonas’
"In face of ambiguity, refuse the temptation to guess"
-
lovetox
hmmm its only a problem for the 10 escaped chars .. i guess when i encounter any of the 10 escape sequeneces, i have to tell the user that input expects unescaped input
-
lovetox
that means if he wants to write yo\20life on matrix, he can put this in, but when he want to write call\20me on xmpp, he has to write "call me"
-
lovetox
not sure if that makes sense or not
-
eta
isn't that what the transport interaction XEP was supposed to solve
-
lovetox
the more i read this the less it makes sense
-
lovetox
Note: The character sequence \20 MUST NOT be the first or last character of an escaped localpart.
-
lovetox
how can an addon XEP make such a rule
-
jonas’
because that is the document which defines `escaped localpart`
-
jonas’
(as opposed to RFC 6122 localpart)
-
jonas’
thus, by definition, a localpart starting with \20 is *not* an escaped localpart
-
lovetox
ok, so it means if i encounter a jid \20\27asd@example.com
-
lovetox
i have to display it like that
-
lovetox
and not unescape it, because its not escaped to begin with
-
jonas’
exactly
-
jonas’
lovetox, care to file a PR with a test case for that?
-
jonas’
for the test vector list in the XEP
-
lovetox
hm yeah a add it to my list
-
lovetox
ok so its clear how to deal with it when i encounter it on the wire
-
lovetox
still need a way to write such a JID
-
jonas’
well, so if you encounter `\20foo` in an input, it is clear. No need to escape anything here.
-
jonas’
if you encounter `\20foo bar` in an input, you need to escape, so you’d get `\5c20foo\20bar`
-
lovetox
what if he wants to write the JID: \5c20foo@bar?
-
jonas’
"run"
-
lovetox
:D
-
lovetox
i think i make a simple, escape checkbox, that is by default checked
-
MattJ
Or just don't?
-
Ge0rG
checkboxes are awesome
-
MattJ
[X] Sarcasm
-
Martin
❎ Obviously
-
Zash
✅ True fact
-
flow
You could probably just assume that JIDs entered by the user are unescaped and run the escape algorithm over them. Some goes in the other direction: Every JID shown to the user, e.g. in the MUC member list, is unescaped first.
-
lovetox
flow the problem with an assumption without giving the user the choice is
-
lovetox
that you can’t talk to some jids anymore
-
mac
السلام عليكم