Jakob Schroeter wrote: > Hi, > > Apparantly there is a number of software packages that generates invalid > XMPP. > I've seen at least unescaped ' and " in attribute values and character data, > respectively. > > http://www.xmpp.org/rfcs/rfc3920.html#xml states that an XMPP implementation > must not generate such unescaped characters, and when it "receives such > restricted XML data, it MUST ignore the data".
Per earlier list discussion, that has changed in rfc3920bis: http://www.xmpp.org/internet-drafts/draft-saintandre-rfc3920bis-03.html#xml-restrictions The working text is as follows: ****** 12.1. Restrictions XMPP is a simplified and specialized protocol for streaming XML elements in order to exchange structured information in close to real time. Because XMPP does not require the parsing of arbitrary and complete XML documents, there is no requirement that XMPP needs to support the full feature set of [XML] (Paoli, J., Maler, E., Sperberg-McQueen, C., Yergeau, F., and T. Bray, “Extensible Markup Language (XML) 1.0 (Fourth Edition),” August 2006.). In particular, the following features of XML are prohibited in XMPP: * comments (as defined in Section 2.5 of [XML] (Paoli, J., Maler, E., Sperberg-McQueen, C., Yergeau, F., and T. Bray, “Extensible Markup Language (XML) 1.0 (Fourth Edition),” August 2006.)) * processing instructions (Section 2.6 therein) * internal or external DTD subsets (Section 2.8 therein) * internal or external entity references (Section 4.2 therein) with the exception of predefined entities (Section 4.6 therein) * character data or attribute values containing unescaped characters that map to the predefined entities (Section 4.6 therein); such characters MUST be escaped An XMPP implementation MUST behave as follow with regard to these features: 1. An XMPP implementation MUST NOT inject characters matching such features into an XML stream. 2. If an XMPP implementation receives characters matching such features over an XML stream, it MUST return a stream error, which SHOULD be <restricted-xml/> but MAY be <bad-format/>. ****** Peter -- Peter Saint-Andre https://stpeter.im/
smime.p7s
Description: S/MIME Cryptographic Signature
