Ticket #112 (closed defect: fixed)

Opened 14 months ago

Last modified 14 months ago

disallowing unquoted XML predefined entities

Reported by: smoku Owned by: smoku
Priority: critical Component: XMPP Complaince
Version: 2.1 Keywords:
Cc: Tracforge_linkmap:
Blocking: Blocked By:

Description

The XML predefined entities: http://www.w3.org/TR/2006/REC-xml-20060816/#sec-predefined-ent are not allowed in XMPP stream: http://www.xmpp.org/rfcs/rfc3920.html#xml-restrictions

We MUST not produce them in outgoing stream and we MUST ignore them.

Change History

Changed 14 months ago by smoku

(In [297]) Fixed XML predefined entities quoting in serialized XML. Refs #112

Changed 14 months ago by smoku

  • status changed from new to assigned

The question is: What does ignore mean?

Ignore the unquotet character? That would mean altering the packet. Unacceptable.

Ignore the whole packet? Loosing packets is even more unacceptable.

RFC bis http://www.xmpp.org/internet-drafts/draft-saintandre-rfc3920bis-03.html#xml-restrictions brings the answer - we MUST bail out with <restricted-xml/> stream error.

Changed 14 months ago by smoku

  • status changed from assigned to closed
  • resolution set to fixed

(In [301]) Stream error on unquoted predefined entities on stream. Fixes #112

Changed 14 months ago by smoku

(In [302]) Stream error on unquoted predefined entities on stream. Fixes #112

Changed 14 months ago by smoku

(In [304]) Reverted r301:302 changes. Let the parser be permissive. Refs #112

Note: See TracTickets for help on using tickets.