On Thu, Oct 12, 2017, at 03:09, Dave Cridland wrote: > I would note that in principle, a content security policy ought to > prevent such attacks outright. > > But there would, probably, remain several other innovative attacks, > such as passing client-specific markup intended to duplicate existing > UI elements.
Indeed. Using a restricted subset of a complicated system always introduces the risk that some part of that complexity will not be understood and will leak out, possibly causing security issues. We see that on the web fairly regularly. It's my beleif that it's always better to use a simple, complete system instead of a restricted, complex system. We see the same thing with XMPP's use of XML: we may use a sane subset of it, but since the underlying libraries still handle things like proc insts and whatever the ampersand escape thing is called you still get attacks based on those every so often (even though they're forbidden in XMPP). I didn't bring this up in the original mail because it tends to get a bit abstract, but it's worth discussing if we move to make a replacement. > So overall, I think we should move rich IM formatting to Markdown and > call it done. Let's discuss this in a separate thread. I'd really like to try and keep this about deprecating XHTML-IM, which I think is an orthogonal track of work (unless you disagree, in which case, please voice that here!). Thanks, Sam _______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org _______________________________________________