On Mon, Jul 6, 2009 at 7:36 AM, Bernd Fondermann<bf_...@brainlounge.de> wrote: > Yes, I'm too. > In the beginning, I thought this is like XML. But it isn't quite like > it. Prefixes only are important when starting streams (and maybe later > when you have conflicting XML payload in a stanza. > > Here an excerpt from 12.2.3. Extended Namespaces in > http://tools.ietf.org/html/draft-saintandre-rfc3920bis-09 > >>>>> > An implementation SHOULD NOT generate namespace prefixes for elements > qualified by content (as opposed to stream) namespaces other than the > default namespace. However, if included, the namespace declarations > for those prefixes MUST be included on the stanza root or a child > thereof, not at the level of the stream element (this helps to ensure > that any such namespace declaration is routed and delivered with the > stanza, instead of assumed from the stream). > <<<< > > This confused me a lot.
Me too, if I'm reading this correctly it says one should never used prefixed namespaces, but if you really need to, it should be declared on the stanza level. Which kind of seems to make sense if one wants to keep the XML as simple as possible. > Do you have the malicious stanza at hand? <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="PLAIN" xmlns:ga="http://www.google.com/talk/protocol/auth"; ga:client-uses-full-bind-result="true">AHVzZXIxAHBhc3N3b3JkMQ==</auth> This extension is documented here: http://code.google.com/apis/talk/jep_extensions/jid_domain_change.html /niklas
