On Mittwoch, 8. November 2017 08:29:49 CET Georg Lukas wrote: > * Goffi <go...@goffi.org> [2017-11-08 08:17]: > > about the stars in the list items, it's not really nice to keep them. > > > > It would be good to have an attribute to say which plain text characters > > can be safely removed without changing the meaning. > > For instance type="numeric" means than "^[0-9]+\)" can be removed, > > type="star" mean that the first character must be a "*" and it can be > > removed. > That's a nice idea. We need a mechanism where characters can not be > removed (so we can't end up different meanings depending on client > capabilities), but replaced in a fashion that is directly mapped to the > body. Rendering a number at the beginning of an item differently, or > replacing a "* " with some bullet point seems like a sane (albeit > slightly complex) approach.
This isn’t trivial, depending on the level of safety we want against spoofing attacks. For example, ordered lists usually come in different shapes, even though *western* people usually only use arabic numerals, probably closely followed by alphabetic lists, I can see other locales using e.g. japanese numerals. At that point any simple "strip the number until the next dot +whitespace" rule falls apart. More complex rules and erasing of characters in general open the door for possible attacks which need to be thought about (by removing critical parts of a message with plausibly deniable markup), which is why I omitted that functionality them for now. It can be added later thanks to the "clients MUST ignore unknown elements and attributes" rule (clients which do not understand it will simply leave the characters in place). I can’t think of good examples right now, but that doesn’t mean that those attacks aren’t there, unfortunately. It would also be nice to be able to specify erasing of for example "*" for emphasized text, which would give us nice compatibility with the Message Styling proposal. In any case, *if* such a thing is added to the XEP, the set of characters which can be erased by each markup must be thought about carefully and it must be restricted. I fear that this might end up being easy to get wrong. kind regards, Jonas
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org _______________________________________________