XSF logo XSF Discussion - 2015-11-28

  1. dwd has left
  2. dwd has left
  3. dwd has left
  4. dwd has left
  5. boothj5 has joined
  6. boothj5 has left
  7. boothj5 has joined
  8. boothj5 has left
  9. boothj5 has joined
  10. boothj5 has left
  11. boothj5 has joined
  12. boothj5 has left
  13. boothj5 has joined
  14. m&m has left
  15. dwd has left
  16. dwd has left
  17. m&m has joined
  18. foss81405971 has joined
  19. dwd has left
  20. dwd has left
  21. tim@boese-ban.de has left
  22. m&m has left
  23. arty has left
  24. arty has joined
  25. dwd has left
  26. dwd has left
  27. Lance has joined
  28. google-is-lord has left
  29. dwd has left
  30. dwd has left
  31. Neustradamus has joined
  32. boothj5 has left
  33. Tobias has joined
  34. dwd has left
  35. Tobias has joined
  36. dwd has left
  37. dwd has left
  38. daniel has joined
  39. dwd has left
  40. dwd has left
  41. dwd has left
  42. dwd has left
  43. dwd has left
  44. dwd has left
  45. dwd has left
  46. dwd has left
  47. dwd has left
  48. dwd has left
  49. dwd has left
  50. dwd has left
  51. Jef has left
  52. dwd has left
  53. dwd has left
  54. dwd has left
  55. dwd has left
  56. dwd has left
  57. dwd has left
  58. dwd has left
  59. dwd has left
  60. dwd has left
  61. dwd has left
  62. dwd has left
  63. dwd has left
  64. SamWhited has left
  65. dwd has left
  66. dwd has left
  67. dwd has left
  68. dwd has left
  69. dwd has left
  70. dwd has left
  71. dwd has left
  72. dwd has left
  73. dwd has left
  74. dwd has left
  75. dwd has left
  76. dwd has left
  77. dwd has left
  78. dwd has left
  79. dwd has left
  80. sezuan has left
  81. dwd has left
  82. daniel has joined
  83. dwd has left
  84. dwd has left
  85. dwd has left
  86. dwd has left
  87. dwd has left
  88. dwd has left
  89. dwd has left
  90. dwd has left
  91. intosi has joined
  92. dwd has left
  93. dwd has left
  94. dwd has left
  95. dwd has left
  96. waqas has left
  97. dwd has left
  98. tim@boese-ban.de has left
  99. tim@boese-ban.de has joined
  100. dwd has left
  101. ralphm has left
  102. dwd has left
  103. dwd has left
  104. Flow has joined
  105. dwd has left
  106. Lance has joined
  107. dwd has left
  108. dwd has left
  109. dwd has left
  110. xnyhps has left
  111. xnyhps has left
  112. sezuan has left
  113. sezuan has left
  114. sezuan has left
  115. dwd has left
  116. dwd has left
  117. sezuan has joined
  118. sezuan has left
  119. sezuan has left
  120. Alex has joined
  121. sezuan has joined
  122. Alex has left
  123. intosi has left
  124. dwd has left
  125. dwd has left
  126. intosi has left
  127. dwd has left
  128. dwd has left
  129. dwd has left
  130. dwd has left
  131. dwd has left
  132. sezuan has left
  133. dwd has left
  134. dwd has left
  135. dwd has left
  136. dwd has left
  137. sezuan has left
  138. dwd has left
  139. Kevish has left
  140. intosi has joined
  141. intosi has left
  142. intosi has joined
  143. xnyhps has left
  144. dwd has left
  145. dwd has left
  146. daniel has left
  147. daniel has joined
  148. daniel has left
  149. daniel has joined
  150. daniel has left
  151. daniel has joined
  152. intosi has left
  153. dwd has left
  154. intosi has joined
  155. daniel has joined
  156. dwd has left
  157. dwd has left
  158. dwd has left
  159. dwd has left
  160. daniel has joined
  161. dwd has left
  162. sezuan has left
  163. dwd has left
  164. daniel has left
  165. daniel has joined
  166. daniel has joined
  167. daniel has joined
  168. daniel has left
  169. daniel has joined
  170. Neustradamus has left
  171. Lance has joined
  172. intosi has left
  173. intosi has joined
  174. intosi has left
  175. intosi has joined
  176. dwd has left
  177. dwd has left
  178. intosi has left
  179. intosi has joined
  180. SouL has left
  181. SouL has joined
  182. dwd has left
  183. intosi has joined
  184. arune has left
  185. dwd has left
  186. xnyhps has left
  187. dwd has left
  188. dwd has left
  189. waqas has joined
  190. foss81405971 has joined
  191. google-is-lord has left
  192. dwd has left
  193. dwd has left
  194. daurnimator has left
  195. ralphm has left
  196. ralphm has left
  197. dwd has left
  198. dwd has left
  199. ralphm has left
  200. xnyhps has left
  201. dwd has left
  202. dwd has left
  203. dwd has left
  204. dwd has left
  205. Link Mauve Sigh… https://github.com/candy-chat/candy/issues/445
  206. daniel has left
  207. daniel has joined
  208. SamWhited This is why XHTML-IM needs to be replaced. I know technically it's secure, but it's too easy for people to screw it up.
  209. xnyhps has joined
  210. Link Mauve Web people manage to screw up without its help, you know.
  211. SamWhited Exactly, the situation is bad enough as is without us encouraging it :)
  212. daniel has joined
  213. Jef has joined
  214. Link Mauve I think on the contrary, specifying a whitelist helps people get things right.
  215. intosi has joined
  216. SamWhited Oh yah, the xep does it right, but no one actually reads standards.
  217. daniel has left
  218. daniel has joined
  219. Link Mauve Meh, Candy’s latest version seems actually pretty buggy.
  220. SamWhited (I'm only sort of being facetious now...)
  221. intosi has left
  222. daniel but hey html in text message is a really good idea
  223. Zash So are you submitting a patch? ;)
  224. Kevish I'm not convinced that removing xhtml-im would improve anything.
  225. Kevish People who just want pretty text and don't care about how they do it are no better off without a spec telling them they're being silly, certainly, and for people who want pretty text and do care, it's helpful to give a 'right way' to do it.
  226. Link Mauve I fully agree with that.
  227. daniel has joined
  228. daniel has left
  229. dwd has left
  230. daniel has joined
  231. daniel has left
  232. daniel has joined
  233. dwd has left
  234. daniel has left
  235. daniel has joined
  236. daniel has left
  237. daniel has joined
  238. SamWhited Nah, if we gave them basic-formatting-language-im I don't think they'd add script tags too it or inject out straight into the dom.
  239. sezuan has left
  240. daniel has joined
  241. Link Mauve You seem to be overestimating them.
  242. Zash That's exactly what would happen
  243. Link Mauve innerHTML is easy to use, and there is nothing that could harm the user in this new language right!
  244. daniel has left
  245. daniel has joined
  246. daniel has left
  247. daniel has joined
  248. dwd has left
  249. dwd has left
  250. SamWhited Fair enough :(
  251. SamWhited Yah, it's true; no idea where that burst of optimism came from, but you're right of course.
  252. daniel has joined
  253. Kevish Nor me, but it's obviously not healthy :)
  254. daniel has left
  255. daniel has joined
  256. dwd has left
  257. dwd has left
  258. xnyhps has joined
  259. daniel has left
  260. daniel has joined
  261. daniel has joined
  262. daniel has joined
  263. bjc has left
  264. dwd has left
  265. daniel has joined
  266. dwd has left
  267. daniel has joined
  268. daniel has left
  269. daniel has joined
  270. dwd has left
  271. xnyhps has left
  272. Flow has left
  273. daniel has left
  274. daniel has joined
  275. dwd has left
  276. SamWhited has left
  277. dwd has left
  278. tim@boese-ban.de has left
  279. tim@boese-ban.de has joined
  280. dwd has left
  281. xnyhps has left
  282. Jef has left
  283. daniel has left
  284. dwd has left
  285. dwd has left
  286. daniel has joined
  287. edhelas has joined
  288. dwd has left
  289. dwd has left
  290. dwd has left
  291. dwd has left
  292. Link Mauve edhelas just reminded me that his client used to pass the body itself to the DOM. :p
  293. Link Mauve Without implementing XHTML-IM.
  294. dwd has left
  295. SamWhited Theoretically the body is escaped though, so as long as you're not unescaping it you should be good (though it never hurts to double check).
  296. SamWhited I'm sure your could find a way to exploit it if you're sticking anything straight into the DOM
  297. dwd has left
  298. Link Mauve No, there is no escaping in the strings you get from your XMPP library.
  299. Link Mauve It’s always the application role to escape things as they see fit.
  300. daniel has joined
  301. Kevish Right. The body's escaped on the wire, but what you get out of your XMPP lib isn't going to be.
  302. Zash unless it's a really bad lib made of regexes
  303. Link Mauve :D
  304. Zash Also depends on how you put stuff into the DOM
  305. Link Mauve innerHTML ALL the things. o/
  306. Jef has joined
  307. dwd has left
  308. dwd has left
  309. dwd has left
  310. dwd has left
  311. dwd has left
  312. dwd has left
  313. dwd has left
  314. daniel has left
  315. daniel has joined
  316. daniel has joined
  317. daniel has joined
  318. dwd has left
  319. dwd has left
  320. intosi has joined
  321. Zash has left
  322. sezuan has left
  323. intosi has left
  324. intosi has joined
  325. dwd has left
  326. daniel has left
  327. daniel has joined
  328. dwd has left
  329. dwd has left
  330. daniel has left
  331. daniel has joined
  332. sezuan has left
  333. daniel has left
  334. daniel has joined
  335. dwd has left
  336. dwd has left
  337. xnyhps has joined
  338. sezuan has left
  339. andy has joined
  340. dwd has left
  341. Lance has joined
  342. intosi has left
  343. intosi has joined
  344. tim@boese-ban.de has joined
  345. tim@boese-ban.de has joined
  346. andy has joined
  347. dwd has left
  348. dwd has left
  349. dwd has left
  350. dwd has left
  351. dwd has left
  352. andy has joined
  353. dwd has left
  354. dwd has left
  355. dwd has left
  356. xnyhps has left
  357. intosi has left
  358. intosi has joined
  359. bjc has joined
  360. dwd has left
  361. google-is-lord has left
  362. ralphm has left
  363. dwd has left
  364. dwd has left
  365. foss81405971 has joined
  366. dwd has left
  367. google-is-lord has left
  368. foss81405971 has joined
  369. google-is-lord has left
  370. andy has joined
  371. foss81405971 has joined
  372. dwd has left
  373. dwd has left
  374. daniel has left
  375. daniel has joined
  376. google-is-lord has left
  377. foss81405971 has joined
  378. dwd has left
  379. dwd has left
  380. dwd has left
  381. dwd has left
  382. dwd has left
  383. google-is-lord has left
  384. foss81405971 has joined
  385. sezuan has left
  386. dwd has left
  387. dwd has left
  388. edhelas has left
  389. dwd has left
  390. google-is-lord has left
  391. dwd has left
  392. foss81405971 has joined
  393. bingooo has joined
  394. bingooo has left
  395. dwd has left
  396. foss81405971 has joined
  397. dwd has left
  398. google-is-lord has left
  399. boothj5 has joined
  400. dwd has left
  401. google-is-lord has left
  402. bjc has left
  403. dwd has left
  404. dwd has left
  405. foss81405971 has joined
  406. boothj5 has left
  407. boothj5 has joined
  408. dwd has left
  409. dwd has left
  410. daurnimator has joined
  411. dwd has left
  412. dwd has left
  413. dwd has left
  414. google-is-lord has left
  415. foss81405971 has joined
  416. dwd has left
  417. bingooo has joined
  418. andy has joined
  419. dwd has left