diff options
author | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2008-06-05 14:57:11 +0000 |
---|---|---|
committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2008-06-05 14:57:11 +0000 |
commit | 47e2d0d3a157024aef52a9f059952562f4df004e (patch) | |
tree | 4571ea43df374dcd3e3e56fe12f8d5cbb52f0616 /spec/Channel_Interface_HTML.xml | |
parent | 1ae0b9adbdd0d851763f7f14cbf9ecd2bd8eae02 (diff) | |
download | telepathy-glib-47e2d0d3a157024aef52a9f059952562f4df004e.tar.gz |
Update spec from tp-spec-smcv (0.17.7 release candidate)
20080605145711-53eee-109378f205d091dd7362297701c6329148d33a7c.gz
Diffstat (limited to 'spec/Channel_Interface_HTML.xml')
-rw-r--r-- | spec/Channel_Interface_HTML.xml | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/spec/Channel_Interface_HTML.xml b/spec/Channel_Interface_HTML.xml index 33f85be88..ad86867ca 100644 --- a/spec/Channel_Interface_HTML.xml +++ b/spec/Channel_Interface_HTML.xml @@ -49,11 +49,15 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.</ <p>Client authors SHOULD pay careful attention to the security considerations in XEP-0071, "XHTML-IM", to avoid exposing client users - to security risks. - (FIXME: or should the presence of this interface act as a guarantee - that the CM will perform filtering on "text/html" parts? In practice - that would mean all CMs had to link against a tag-soup parser like - libxml2)</p> + to security risks. Clients MUST NOT assume that connection managers + will filter messages to remove unsafe HTML.</p> + + <tp:rationale> + <p>Connection managers are the components in Telepathy that are most + likely to be exploitable by a remote attacker to run malicious code + (since they are network-facing), so any filtering that the CM does + might be subverted.</p> + </tp:rationale> <p>To avoid misleading users, clients SHOULD only present UI for the subset of HTML that is indicated to be supported by this @@ -71,8 +75,10 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.</ Clients SHOULD attempt to parse messages as XHTML, but fall back to using a permissive "tag-soup" HTML parser if that fails. (FIXME: or should the presence of this interface imply that the - CM filters and fixes up "text/html"? In practice that would result - in all the CMs having to link against libxml2 or something)</p> + CM fixes up "text/html" to be XHTML? In practice that would result + in all the CMs having to link against libxml2 or something... the + rationale above no longer applies here, since dropping a malformed + message is "safe")</p> </tp:docstring> </interface> |