XSF Discussion - 2015-11-28


  1. dwd has left

  2. dwd has left

  3. dwd has left

  4. dwd has left

  5. boothj5 has joined

  6. boothj5 has left

  7. boothj5 has joined

  8. boothj5 has left

  9. boothj5 has joined

  10. boothj5 has left

  11. boothj5 has joined

  12. boothj5 has left

  13. boothj5 has joined

  14. m&m has left

  15. dwd has left

  16. dwd has left

  17. m&m has joined

  18. foss81405971 has joined

  19. dwd has left

  20. dwd has left

  21. tim@boese-ban.de has left

  22. m&m has left

  23. arty has left

  24. arty has joined

  25. dwd has left

  26. dwd has left

  27. Lance has joined

  28. google-is-lord has left

  29. dwd has left

  30. dwd has left

  31. Neustradamus has joined

  32. boothj5 has left

  33. Tobias has joined

  34. dwd has left

  35. Tobias has joined

  36. dwd has left

  37. dwd has left

  38. daniel has joined

  39. dwd has left

  40. dwd has left

  41. dwd has left

  42. dwd has left

  43. dwd has left

  44. dwd has left

  45. dwd has left

  46. dwd has left

  47. dwd has left

  48. dwd has left

  49. dwd has left

  50. dwd has left

  51. Jef has left

  52. dwd has left

  53. dwd has left

  54. dwd has left

  55. dwd has left

  56. dwd has left

  57. dwd has left

  58. dwd has left

  59. dwd has left

  60. dwd has left

  61. dwd has left

  62. dwd has left

  63. dwd has left

  64. SamWhited has left

  65. dwd has left

  66. dwd has left

  67. dwd has left

  68. dwd has left

  69. dwd has left

  70. dwd has left

  71. dwd has left

  72. dwd has left

  73. dwd has left

  74. dwd has left

  75. dwd has left

  76. dwd has left

  77. dwd has left

  78. dwd has left

  79. dwd has left

  80. sezuan has left

  81. dwd has left

  82. daniel has joined

  83. dwd has left

  84. dwd has left

  85. dwd has left

  86. dwd has left

  87. dwd has left

  88. dwd has left

  89. dwd has left

  90. dwd has left

  91. intosi has joined

  92. dwd has left

  93. dwd has left

  94. dwd has left

  95. dwd has left

  96. waqas has left

  97. dwd has left

  98. tim@boese-ban.de has left

  99. tim@boese-ban.de has joined

  100. dwd has left

  101. ralphm has left

  102. dwd has left

  103. dwd has left

  104. Flow has joined

  105. dwd has left

  106. Lance has joined

  107. dwd has left

  108. dwd has left

  109. dwd has left

  110. xnyhps has left

  111. xnyhps has left

  112. sezuan has left

  113. sezuan has left

  114. sezuan has left

  115. dwd has left

  116. dwd has left

  117. sezuan has joined

  118. sezuan has left

  119. sezuan has left

  120. Alex has joined

  121. sezuan has joined

  122. Alex has left

  123. intosi has left

  124. dwd has left

  125. dwd has left

  126. intosi has left

  127. dwd has left

  128. dwd has left

  129. dwd has left

  130. dwd has left

  131. dwd has left

  132. sezuan has left

  133. dwd has left

  134. dwd has left

  135. dwd has left

  136. dwd has left

  137. sezuan has left

  138. dwd has left

  139. Kevish has left

  140. intosi has joined

  141. intosi has left

  142. intosi has joined

  143. xnyhps has left

  144. dwd has left

  145. dwd has left

  146. daniel has left

  147. daniel has joined

  148. daniel has left

  149. daniel has joined

  150. daniel has left

  151. daniel has joined

  152. intosi has left

  153. dwd has left

  154. intosi has joined

  155. daniel has joined

  156. dwd has left

  157. dwd has left

  158. dwd has left

  159. dwd has left

  160. daniel has joined

  161. dwd has left

  162. sezuan has left

  163. dwd has left

  164. daniel has left

  165. daniel has joined

  166. daniel has joined

  167. daniel has joined

  168. daniel has left

  169. daniel has joined

  170. Neustradamus has left

  171. Lance has joined

  172. intosi has left

  173. intosi has joined

  174. intosi has left

  175. intosi has joined

  176. dwd has left

  177. dwd has left

  178. intosi has left

  179. intosi has joined

  180. SouL has left

  181. SouL has joined

  182. dwd has left

  183. intosi has joined

  184. arune has left

  185. dwd has left

  186. xnyhps has left

  187. dwd has left

  188. dwd has left

  189. waqas has joined

  190. foss81405971 has joined

  191. google-is-lord has left

  192. dwd has left

  193. dwd has left

  194. daurnimator has left

  195. ralphm has left

  196. ralphm has left

  197. dwd has left

  198. dwd has left

  199. ralphm has left

  200. xnyhps has left

  201. dwd has left

  202. dwd has left

  203. dwd has left

  204. dwd has left

  205. Link Mauve

    Sigh… https://github.com/candy-chat/candy/issues/445

  206. daniel has left

  207. daniel has joined

  208. SamWhited

    This is why XHTML-IM needs to be replaced. I know technically it's secure, but it's too easy for people to screw it up.

  209. xnyhps has joined

  210. Link Mauve

    Web people manage to screw up without its help, you know.

  211. SamWhited

    Exactly, the situation is bad enough as is without us encouraging it :)

  212. daniel has joined

  213. Jef has joined

  214. Link Mauve

    I think on the contrary, specifying a whitelist helps people get things right.

  215. intosi has joined

  216. SamWhited

    Oh yah, the xep does it right, but no one actually reads standards.

  217. daniel has left

  218. daniel has joined

  219. Link Mauve

    Meh, Candy’s latest version seems actually pretty buggy.

  220. SamWhited

    (I'm only sort of being facetious now...)

  221. intosi has left

  222. daniel

    but hey html in text message is a really good idea

  223. Zash

    So are you submitting a patch? ;)

  224. Kevish

    I'm not convinced that removing xhtml-im would improve anything.

  225. Kevish

    People who just want pretty text and don't care about how they do it are no better off without a spec telling them they're being silly, certainly, and for people who want pretty text and do care, it's helpful to give a 'right way' to do it.

  226. Link Mauve

    I fully agree with that.

  227. daniel has joined

  228. daniel has left

  229. dwd has left

  230. daniel has joined

  231. daniel has left

  232. daniel has joined

  233. dwd has left

  234. daniel has left

  235. daniel has joined

  236. daniel has left

  237. daniel has joined

  238. SamWhited

    Nah, if we gave them basic-formatting-language-im I don't think they'd add script tags to it or inject it straight into the DOM.

  239. sezuan has left

  240. daniel has joined

  241. Link Mauve

    You seem to be overestimating them.

  242. Zash

    That's exactly what would happen

  243. Link Mauve

    innerHTML is easy to use, and there is nothing that could harm the user in this new language right!

  244. daniel has left

  245. daniel has joined

  246. daniel has left

  247. daniel has joined

  248. dwd has left

  249. dwd has left

  250. SamWhited

    Fair enough :(

  251. SamWhited

    Yah, it's true; no idea where that burst of optimism came from, but you're right of course.

  252. daniel has joined

  253. Kevish

    Nor me, but it's obviously not healthy :)

  254. daniel has left

  255. daniel has joined

  256. dwd has left

  257. dwd has left

  258. xnyhps has joined

  259. daniel has left

  260. daniel has joined

  261. daniel has joined

  262. daniel has joined

  263. bjc has left

  264. dwd has left

  265. daniel has joined

  266. dwd has left

  267. daniel has joined

  268. daniel has left

  269. daniel has joined

  270. dwd has left

  271. xnyhps has left

  272. Flow has left

  273. daniel has left

  274. daniel has joined

  275. dwd has left

  276. SamWhited has left

  277. dwd has left

  278. tim@boese-ban.de has left

  279. tim@boese-ban.de has joined

  280. dwd has left

  281. xnyhps has left

  282. Jef has left

  283. daniel has left

  284. dwd has left

  285. dwd has left

  286. daniel has joined

  287. edhelas has joined

  288. dwd has left

  289. dwd has left

  290. dwd has left

  291. dwd has left

  292. Link Mauve

    edhelas just reminded me that his client used to pass the body itself to the DOM. :p

  293. Link Mauve

    Without implementing XHTML-IM.

  294. dwd has left

  295. SamWhited

    Theoretically the body is escaped though, so as long as you're not unescaping it you should be good (though it never hurts to double check).

  296. SamWhited

    I'm sure you could find a way to exploit it if you're sticking anything straight into the DOM.

  297. dwd has left

  298. Link Mauve

    No, there is no escaping in the strings you get from your XMPP library.

  299. Link Mauve

    It’s always the application’s role to escape things as they see fit.

  300. daniel has joined

  301. Kevish

    Right. The body's escaped on the wire, but what you get out of your XMPP lib isn't going to be.

  302. Zash

    unless it's a really bad lib made of regexes

  303. Link Mauve

    :D

  304. Zash

    Also depends on how you put stuff into the DOM

  305. Link Mauve

    innerHTML ALL the things. o/

  306. Jef has joined

  307. dwd has left

  308. dwd has left

  309. dwd has left

  310. dwd has left

  311. dwd has left

  312. dwd has left

  313. dwd has left

  314. daniel has left

  315. daniel has joined

  316. daniel has joined

  317. daniel has joined

  318. dwd has left

  319. dwd has left

  320. intosi has joined

  321. Zash has left

  322. sezuan has left

  323. intosi has left

  324. intosi has joined

  325. dwd has left

  326. daniel has left

  327. daniel has joined

  328. dwd has left

  329. dwd has left

  330. daniel has left

  331. daniel has joined

  332. sezuan has left

  333. daniel has left

  334. daniel has joined

  335. dwd has left

  336. dwd has left

  337. xnyhps has joined

  338. sezuan has left

  339. andy has joined

  340. dwd has left

  341. Lance has joined

  342. intosi has left

  343. intosi has joined

  344. tim@boese-ban.de has joined

  345. tim@boese-ban.de has joined

  346. andy has joined

  347. dwd has left

  348. dwd has left

  349. dwd has left

  350. dwd has left

  351. dwd has left

  352. andy has joined

  353. dwd has left

  354. dwd has left

  355. dwd has left

  356. xnyhps has left

  357. intosi has left

  358. intosi has joined

  359. bjc has joined

  360. dwd has left

  361. google-is-lord has left

  362. ralphm has left

  363. dwd has left

  364. dwd has left

  365. foss81405971 has joined

  366. dwd has left

  367. google-is-lord has left

  368. foss81405971 has joined

  369. google-is-lord has left

  370. andy has joined

  371. foss81405971 has joined

  372. dwd has left

  373. dwd has left

  374. daniel has left

  375. daniel has joined

  376. google-is-lord has left

  377. foss81405971 has joined

  378. dwd has left

  379. dwd has left

  380. dwd has left

  381. dwd has left

  382. dwd has left

  383. google-is-lord has left

  384. foss81405971 has joined

  385. sezuan has left

  386. dwd has left

  387. dwd has left

  388. edhelas has left

  389. dwd has left

  390. google-is-lord has left

  391. dwd has left

  392. foss81405971 has joined

  393. bingooo has joined

  394. bingooo has left

  395. dwd has left

  396. foss81405971 has joined

  397. dwd has left

  398. google-is-lord has left

  399. boothj5 has joined

  400. dwd has left

  401. google-is-lord has left

  402. bjc has left

  403. dwd has left

  404. dwd has left

  405. foss81405971 has joined

  406. boothj5 has left

  407. boothj5 has joined

  408. dwd has left

  409. dwd has left

  410. daurnimator has joined

  411. dwd has left

  412. dwd has left

  413. dwd has left

  414. google-is-lord has left

  415. foss81405971 has joined

  416. dwd has left

  417. bingooo has joined

  418. andy has joined

  419. dwd has left