On Saturday, January 31, 2015 03:40:14 PM Cyril Soler wrote: > The problem is that the GUI uses strings everywhere at many points, and we > cannot patch/check them all. It's more efficient to catch them as soon as > they arrive to the local node. The common point where this happens is the > serialisation.
I believe the real problem is we are using HTML as transport format while we are not capable of rendering it safely We should use a simple syntax for chat messages and similar stuff and use html just for rendering. 1) User_a type simple text ( if we really need emoticons we can give support to simbols like :| B) and so on, but i do prefer to have them just as plain text ) 2) RS_a send the message as is (plain text) 3) RS_b receive the plain text message 4) received message is eventually converted to HTML by GUI_b 5) GUI_b renders safe HTML generated at step 4 The other evil implication of using HTML as transport is that we are forcing all possible GUI to be capable of rendering HTML, i have experienced this while i developed android GUI, i was forced to use a WebView for the chat and this introduced a lot of complications and problems, like inconsistent rendering respect to th e Qt gui, vulnerabilities and so on... I understand in the Web 2.shit era people do expect to put image and stuff like that in a chat but i belive this should not be a priority for RS and use HTML as transport is not the good way of doing this ------------------------------------------------------------------------------ Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Retroshare-devel mailing list Retroshare-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/retroshare-devel
