Re: Jive's new stuff
2007-02-08 10:38:18
> On Feb 6, 2007, at 5:44 PM, Davinessto catfish.man-at-gmail.com |psi/personal| wrote:
>
>> Hi everyone,
>>
>> I'm the author of the draft spec linked to from the blog entry, and the current maintainer of Adium's webkit message view code, so feel free to fire any questions about it my way. I'm also looking for feedback on the draft spec, because I'd really rather not discover some horrible issue with it *after* investing time implementing it in Spark and Adium
>> ...
>
> Hi David,
>
> Just out of curiosity, how hard do you (or can you) try to sanitize incoming text to make sure that the Javascript engine and/or HTML renderer can't be exploited to do "bad things"? Was that a consideration? Is the chat stream sufficiently isolated (or scrubbed) so that it's not an issue?
>
> I'd hate to see IM clients start to go down the same bloody path that email clients have already suffered (MS Outlook, anyone?).
>
>   - Brian

Hi Brian,

In Adium we run everything through CFXMLCreateStringByEscapingEntities, which should sanitize things fairly effectively. This will be more of an issue for web based clients, though. I'll have to investigate how SparkWeb is handling it.

			David
_______________________________________________
psi-devel mailing list
psi-devellists.affinix.com
http://lists.affinix.com/listinfo.cgi/psi-devel-affinix.com
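The approach David describes (escaping entities in every piece of incoming text before it is handed to the WebKit message view) is shown below as an added example; it is not Adium's, Spark's or SparkWeb's code. The `escapeEntities` function is assumed to mirror what an entity-escaping call such as CFXMLCreateStringByEscapingEntities does for the five XML-special characters, and `renderMessage` stands in for a hypothetical message-bubble template. The sample message is constructed for the example.

```javascript
// Added example, not code from Adium, Spark or SparkWeb.
// Escape untrusted chat text before it reaches an HTML/WebKit message view.

// The five XML-special characters and their named entities (assumed to match
// what CFXMLCreateStringByEscapingEntities escapes for plain text content).
const ENTITY_MAP = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&apos;',
};

// Replace every special character in the input with its entity. Doing this to
// each untrusted field means the message template is the only source of markup.
function escapeEntities(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITY_MAP[ch]);
}

// Hypothetical message-bubble template: sender and body both come from the
// network and are escaped before being concatenated into the template.
function renderMessage(sender, body) {
  return (
    '<div class="msg"><span class="from">' + escapeEntities(sender) +
    '</span>: <span class="body">' + escapeEntities(body) + '</span></div>'
  );
}

// The weak variant for comparison: untrusted text dropped straight into the
// template. Any markup the remote party sends becomes part of the document.
function renderMessageUnescaped(sender, body) {
  return (
    '<div class="msg"><span class="from">' + sender +
    '</span>: <span class="body">' + body + '</span></div>'
  );
}

// Defender-side check: does the rendered HTML contain any element other than
// the div/span the template itself emits? A true result means remote text
// reached the renderer as markup rather than as text.
function containsForeignTags(html) {
  const tags = html.match(/<\/?[a-zA-Z][\w-]*/g) || [];
  return tags.some((t) => !/^<\/?(div|span)$/.test(t));
}

// Constructed sample: a body that carries markup and special characters.
const SAMPLE = { sender: 'remote-user', body: '<b>hello</b> & "friends"' };

// Demonstration when run directly.
console.log(renderMessage(SAMPLE.sender, SAMPLE.body));
console.log('escaped output has foreign tags:',
  containsForeignTags(renderMessage(SAMPLE.sender, SAMPLE.body)));
console.log('unescaped output has foreign tags:',
  containsForeignTags(renderMessageUnescaped(SAMPLE.sender, SAMPLE.body)));
```

Entity escaping of this kind covers text placed in element content and in quoted attribute values; a value that ends up inside a URL, an inline script, or a style rule needs a context-specific encoding in addition, which is one reason the web-based clients David mentions deserve a separate look.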
