Niklas Gustavsson wrote: > On Mon, Jul 6, 2009 at 7:36 AM, Bernd Fondermann<bf_...@brainlounge.de> wrote: >> Yes, I'm too. >> In the beginning, I thought this is like XML. But it isn't quite like >> it. Prefixes only are important when starting streams (and maybe later >> when you have conflicting XML payload in a stanza. >> >> Here an excerpt from 12.2.3. Extended Namespaces in >> http://tools.ietf.org/html/draft-saintandre-rfc3920bis-09 >> >> An implementation SHOULD NOT generate namespace prefixes for elements >> qualified by content (as opposed to stream) namespaces other than the >> default namespace. However, if included, the namespace declarations >> for those prefixes MUST be included on the stanza root or a child >> thereof, not at the level of the stream element (this helps to ensure >> that any such namespace declaration is routed and delivered with the >> stanza, instead of assumed from the stream). >> <<<< >> >> This confused me a lot. > > Me too, if I'm reading this correctly it says one should never used > prefixed namespaces, but if you really need to, it should be declared > on the stanza level. Which kind of seems to make sense if one wants to > keep the XML as simple as possible.
Exactly. > >> Do you have the malicious stanza at hand? > > <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="PLAIN" > xmlns:ga="http://www.google.com/talk/protocol/auth"; > ga:client-uses-full-bind-result="true">AHVzZXIxAHBhc3N3b3JkMQ==</auth> > > This extension is documented here: > http://code.google.com/apis/talk/jep_extensions/jid_domain_change.html I think we need a JIRA for this. Bernd
