XSF Discussion - 2015-11-28

dwd has left 00:08:20
dwd has left 00:08:35
dwd has left 00:13:38
dwd has left 00:13:38
boothj5 has joined 00:17:10
boothj5 has left 00:20:48
boothj5 has joined 00:20:52
boothj5 has left 00:22:40
boothj5 has joined 00:22:45
boothj5 has left 00:24:43
boothj5 has joined 00:25:42
boothj5 has left 00:30:21
boothj5 has joined 00:30:37
m&m has left 00:32:27
dwd has left 00:43:43
dwd has left 00:43:58
m&m has joined 00:53:18
foss81405971 has joined 01:04:26
dwd has left 01:12:28
dwd has left 01:13:24
tim@boese-ban.de has left 01:15:17
m&m has left 01:25:32
arty has left 01:28:20
arty has joined 01:28:20
dwd has left 01:28:21
dwd has left 01:37:18
Lance has joined 01:41:43
google-is-lord has left 01:47:18
dwd has left 01:52:30
dwd has left 01:53:37
Neustradamus has joined 01:54:15
boothj5 has left 01:55:42
Tobias has joined 02:01:14
dwd has left 02:01:15
Tobias has joined 02:01:16
dwd has left 02:01:33
dwd has left 02:14:43
daniel has joined 02:16:36
dwd has left 02:23:29
dwd has left 02:32:44
dwd has left 02:35:10
dwd has left 02:41:12
dwd has left 02:45:40
dwd has left 02:54:36
dwd has left 03:05:46
dwd has left 03:19:31
dwd has left 03:22:16
dwd has left 03:27:56
dwd has left 03:35:35
dwd has left 03:41:39
Jef has left 03:59:50
dwd has left 03:59:51
dwd has left 03:59:51
dwd has left 04:07:12
dwd has left 04:17:26
dwd has left 04:17:27
dwd has left 04:25:27
dwd has left 04:25:53
dwd has left 04:31:09
dwd has left 04:38:01
dwd has left 04:43:43
dwd has left 04:54:08
dwd has left 04:54:25
SamWhited has left 04:55:58
dwd has left 05:07:08
dwd has left 05:14:09
dwd has left 05:19:42
dwd has left 05:26:00
dwd has left 05:39:39
dwd has left 05:40:43
dwd has left 05:50:14
dwd has left 06:09:01
dwd has left 06:09:01
dwd has left 06:16:32
dwd has left 06:18:50
dwd has left 06:27:27
dwd has left 06:28:39
dwd has left 06:35:02
dwd has left 06:38:00
sezuan has left 06:40:34
dwd has left 06:42:50
daniel has joined 06:50:25
dwd has left 06:53:08
dwd has left 06:53:08
dwd has left 07:10:14
dwd has left 07:16:01
dwd has left 07:16:02
dwd has left 07:23:58
dwd has left 07:33:08
dwd has left 07:41:48
intosi has joined 07:47:26
dwd has left 07:53:01
dwd has left 08:11:53
dwd has left 08:25:57
dwd has left 08:31:23
waqas has left 08:37:34
dwd has left 08:44:00
tim@boese-ban.de has left 08:44:29
tim@boese-ban.de has joined 08:44:32
dwd has left 08:49:42
ralphm has left 08:51:51
dwd has left 08:53:06
dwd has left 08:55:20
Flow has joined 08:57:28
dwd has left 09:04:01
Lance has joined 09:09:33
dwd has left 09:15:31
dwd has left 09:25:01
dwd has left 09:27:09
xnyhps has left 09:30:55
xnyhps has left 09:34:42
sezuan has left 09:36:37
sezuan has left 09:36:37
sezuan has left 09:36:37
dwd has left 09:36:38
dwd has left 09:36:39
sezuan has joined 09:36:57
sezuan has left 09:39:11
sezuan has left 09:39:11
Alex has joined 09:39:28
sezuan has joined 09:39:32
Alex has left 09:41:07
intosi has left 09:47:56
dwd has left 09:48:01
dwd has left 09:49:32
intosi has left 09:52:22
dwd has left 09:58:27
dwd has left 10:04:06
dwd has left 10:18:21
dwd has left 10:18:41
dwd has left 10:28:53
sezuan has left 10:31:10
dwd has left 10:34:27
dwd has left 10:47:03
dwd has left 10:47:03
dwd has left 10:48:24
sezuan has left 10:57:43
dwd has left 11:02:21
Kevish has left 11:09:58
intosi has joined 11:10:51
intosi has left 11:11:19
intosi has joined 11:11:30
xnyhps has left 11:14:10
dwd has left 11:20:34
dwd has left 11:22:07
daniel has left 11:25:41
daniel has joined 11:26:13
daniel has left 11:26:43
daniel has joined 11:26:48
daniel has left 11:29:52
daniel has joined 11:29:58
intosi has left 11:36:41
dwd has left 11:37:02
intosi has joined 11:37:06
daniel has joined 11:39:11
dwd has left 11:49:27
dwd has left 11:49:47
dwd has left 11:57:34
dwd has left 11:57:34
daniel has joined 12:01:28
dwd has left 12:06:12
sezuan has left 12:06:28
dwd has left 12:10:13
daniel has left 12:15:21
daniel has joined 12:15:27
daniel has joined 12:20:22
daniel has joined 12:20:28
daniel has left 12:22:19
daniel has joined 12:22:25
Neustradamus has left 12:28:08
Lance has joined 12:29:05
intosi has left 12:31:03
intosi has joined 12:31:08
intosi has left 12:31:19
intosi has joined 12:31:43
dwd has left 12:32:01
dwd has left 12:53:33
intosi has left 12:54:54
intosi has joined 12:54:58
SouL has left 12:59:55
SouL has joined 13:01:05
dwd has left 13:02:41
intosi has joined 13:07:57
arune has left 13:10:21
dwd has left 13:14:41
xnyhps has left 13:20:56
dwd has left 13:36:17
dwd has left 13:37:04
waqas has joined 13:41:00
foss81405971 has joined 13:47:48
google-is-lord has left 13:48:35
dwd has left 13:53:06
dwd has left 13:53:20
daurnimator has left 13:55:05
ralphm has left 13:55:38
ralphm has left 14:01:05
dwd has left 14:11:37
dwd has left 14:12:16
ralphm has left 14:19:42
xnyhps has left 14:25:04
dwd has left 14:31:00
dwd has left 14:39:47
dwd has left 14:46:17
dwd has left 14:52:28
Link Mauve 14:58:08
Sigh… https://github.com/candy-chat/candy/issues/445
daniel has left 14:58:43
daniel has joined 14:58:48
SamWhited 15:00:23
This is why XHTML-IM needs to be replaced. I know technically it's secure, but it's too easy for people to screw it up.
xnyhps has joined 15:00:53
Link Mauve 15:02:37
Web people manage to screw up without its help, you know.
SamWhited 15:03:00
Exactly, the situation is bad enough as is without us encouraging it :)
daniel has joined 15:03:25
Jef has joined 15:03:29
Link Mauve 15:03:47
I think on the contrary, specifying a whitelist helps people get things right.
intosi has joined 15:04:29
SamWhited 15:04:59
Oh yah, the xep does it right, but no one actually reads standards.
daniel has left 15:06:19
daniel has joined 15:06:23
Link Mauve 15:06:55
Meh, Candy’s latest version seems actually pretty buggy.
SamWhited 15:07:05
(I'm only sort of being facetious now...)
intosi has left 15:08:26
daniel 15:09:35
but hey html in text message is a really good idea
Zash 15:10:27
So are you submitting a patch? ;)
Kevish 15:11:45
I'm not convinced that removing xhtml-im would improve anything.
Kevish 15:12:26
People who just want pretty text and don't care about how they do it are no better off without a spec telling them they're being silly, certainly, and for people who want pretty text and do care, it's helpful to give a 'right way' to do it.
Link Mauve 15:12:56
I fully agree with that.
daniel has joined 15:13:20
daniel has left 15:18:00
dwd has left 15:18:01
daniel has joined 15:18:05
daniel has left 15:19:08
daniel has joined 15:19:14
dwd has left 15:26:00
daniel has left 15:27:40
daniel has joined 15:27:45
daniel has left 15:30:33
daniel has joined 15:30:39
SamWhited 15:31:06
Nah, if we gave them basic-formatting-language-im I don't think they'd add script tags too it or inject out straight into the dom.
sezuan has left 15:31:53
daniel has joined 15:32:04
Link Mauve 15:32:10
You seem to be overestimating them.
Zash 15:32:11
That's exactly what would happen
Link Mauve 15:32:39
innerHTML is easy to use, and there is nothing that could harm the user in this new language right!
daniel has left 15:33:50
daniel has joined 15:33:56
daniel has left 15:35:45
daniel has joined 15:36:08
dwd has left 15:49:09
dwd has left 15:49:09
SamWhited 15:49:59
Fair enough :(
SamWhited 15:51:43
Yah, it's true; no idea where that burst of optimism came from, but you're right of course.
daniel has joined 15:52:41
Kevish 15:54:17
Nor me, but it's obviously not healthy :)
daniel has left 16:03:26
daniel has joined 16:03:34
dwd has left 16:03:34
dwd has left 16:04:04
xnyhps has joined 16:06:12
daniel has left 16:12:11
daniel has joined 16:12:33
daniel has joined 16:15:39
daniel has joined 16:15:45
bjc has left 16:17:10
dwd has left 16:17:11
daniel has joined 16:18:02
dwd has left 16:18:07
daniel has joined 16:18:08
daniel has left 16:21:46
daniel has joined 16:21:51
dwd has left 16:22:06
xnyhps has left 16:22:40
Flow has left 16:23:30
daniel has left 16:24:57
daniel has joined 16:25:06
dwd has left 16:32:12
SamWhited has left 16:44:02
dwd has left 16:49:44
tim@boese-ban.de has left 16:50:14
tim@boese-ban.de has joined 16:50:55
dwd has left 16:51:09
xnyhps has left 16:53:12
Jef has left 17:01:36
daniel has left 17:06:12
dwd has left 17:06:13
dwd has left 17:06:13
daniel has joined 17:06:19
edhelas has joined 17:09:43
dwd has left 17:12:28
dwd has left 17:13:17
dwd has left 17:19:35
dwd has left 17:20:15
Link Mauve 17:22:22
edhelas just reminded me that his client used to pass the body itself to the DOM. :p
Link Mauve 17:22:27
Without implementing XHTML-IM.
dwd has left 17:30:39
SamWhited 17:33:51
Theoretically the body is escaped though, so as long as you're not unescaping it you should be good (though it never hurts to double check).
SamWhited 17:34:33
I'm sure your could find a way to exploit it if you're sticking anything straight into the DOM
dwd has left 17:36:09
Link Mauve 17:37:53
No, there is no escaping in the strings you get from your XMPP library.
Link Mauve 17:38:11
It’s always the application role to escape things as they see fit.
daniel has joined 17:38:17
Kevish 17:39:28
Right. The body's escaped on the wire, but what you get out of your XMPP lib isn't going to be.
Zash 17:40:34
unless it's a really bad lib made of regexes
Link Mauve 17:40:39
:D
Zash 17:41:11
Also depends on how you put stuff into the DOM
Link Mauve 17:41:24
innerHTML ALL the things. o/
Jef has joined 17:42:44
dwd has left 17:50:15
dwd has left 17:50:42
dwd has left 17:51:20
dwd has left 17:55:55
dwd has left 17:58:25
dwd has left 18:06:36
dwd has left 18:10:39
daniel has left 18:21:17
daniel has joined 18:21:24
daniel has joined 18:22:26
daniel has joined 18:22:31
dwd has left 18:33:03
dwd has left 18:33:04
intosi has joined 18:41:19
Zash has left 18:42:17
sezuan has left 18:53:19
intosi has left 18:54:04
intosi has joined 18:54:20
dwd has left 18:58:21
daniel has left 19:00:11
daniel has joined 19:00:17
dwd has left 19:00:29
dwd has left 19:01:19
daniel has left 19:02:19
daniel has joined 19:02:25
sezuan has left 19:03:55
daniel has left 19:09:38
daniel has joined 19:09:43
dwd has left 19:09:44
dwd has left 19:10:25
xnyhps has joined 19:17:48
sezuan has left 19:18:02
andy has joined 19:25:36
dwd has left 19:32:32
Lance has joined 19:41:36
intosi has left 19:48:42
intosi has joined 19:49:08
tim@boese-ban.de has joined 19:51:32
tim@boese-ban.de has joined 19:52:08
andy has joined 19:57:46
dwd has left 20:00:57
dwd has left 20:09:10
dwd has left 20:19:45
dwd has left 20:20:40
dwd has left 20:29:29
andy has joined 20:33:44
dwd has left 20:35:51
dwd has left 20:41:09
dwd has left 20:47:52
xnyhps has left 20:48:06
intosi has left 20:53:29
intosi has joined 20:53:55
bjc has joined 20:59:49
dwd has left 21:04:34
google-is-lord has left 21:07:12
ralphm has left 21:09:14
dwd has left 21:20:44
dwd has left 21:21:01
foss81405971 has joined 21:26:09
dwd has left 21:27:49
google-is-lord has left 21:29:38
foss81405971 has joined 21:30:23
google-is-lord has left 21:30:38
andy has joined 21:33:49
foss81405971 has joined 21:33:59
dwd has left 21:36:50
dwd has left 21:36:50
daniel has left 21:39:32
daniel has joined 21:39:36
google-is-lord has left 21:40:16
foss81405971 has joined 21:40:34
dwd has left 21:45:09
dwd has left 21:54:47
dwd has left 21:55:07
dwd has left 21:56:40
dwd has left 22:03:59
google-is-lord has left 22:09:38
foss81405971 has joined 22:09:47
sezuan has left 22:14:09
dwd has left 22:26:40
dwd has left 22:27:34
edhelas has left 22:32:37
dwd has left 22:35:37
google-is-lord has left 22:41:21
dwd has left 22:43:48
foss81405971 has joined 22:43:54
bingooo has joined 22:45:59
bingooo has left 22:49:53
dwd has left 22:51:54
foss81405971 has joined 22:52:55
dwd has left 22:57:26
google-is-lord has left 23:02:46
boothj5 has joined 23:04:20
dwd has left 23:04:21
google-is-lord has left 23:14:38
bjc has left 23:15:41
dwd has left 23:15:42
dwd has left 23:15:42
foss81405971 has joined 23:16:21
boothj5 has left 23:18:12
boothj5 has joined 23:19:20
dwd has left 23:27:46
dwd has left 23:27:56
daurnimator has joined 23:32:57
dwd has left 23:32:58
dwd has left 23:42:19
dwd has left 23:42:20
google-is-lord has left 23:46:17
foss81405971 has joined 23:48:38
dwd has left 23:50:05
bingooo has joined 23:51:09
andy has joined 23:52:32
dwd has left 23:55:13