How fitting.  I was just reviewing security aspects of this document.

I'm particularly concerned that <include/> elements are to be processed by the importer regardless of where they appear in the input, because the input appears to contain content under user control. For instance, consider the import of an export of an offline message:

<message xmlns='jabber:client'
         from='[email protected]/orchard'
         to='[email protected]/balcony'
         type='chat'>
  <body>Neither, fair saint, if either thee dislike.</body>
  <x xmlns='http://example' xmlns:xi='http://www.w3.org/2001/XInclude'>
    <xi:include href="file:///dev/random"/>
  </x>
  <delay xmlns='urn:xmpp:delay' from='capulet.com' stamp='1469-07-21T00:32:29Z'>
    Offline Storage
  </delay>
</message>

This got me wondering about what other damage could be done by blindly trusting that content not under the administrator's control is safe... but I have to dive deeper.

-- Kurt
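
One way an importer could audit an export before resolving any include, given here as an added example that is not part of the original message: it walks the parsed tree without expanding anything and rejects every xi:include nested inside a jabber:client stanza or carrying an href that is not a plain relative path. The <export> wrapper, its namespace, the JIDs, the file names and the function name are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

XI_INCLUDE = "{http://www.w3.org/2001/XInclude}include"
STANZA_NS = "{jabber:client}"  # stanzas carry user-controlled content

# Constructed sample modelled on the message above; the <export> wrapper,
# JIDs and relative file names are assumptions made for this example.
SAMPLE = """\
<export xmlns='http://example/export'
        xmlns:xi='http://www.w3.org/2001/XInclude'>
  <xi:include href='users/juliet.xml'/>
  <xi:include href='/srv/other/export.xml'/>
  <message xmlns='jabber:client' from='romeo@example.net/orchard'
           to='juliet@example.com/balcony' type='chat'>
    <body>Neither, fair saint, if either thee dislike.</body>
    <x xmlns='http://example'><xi:include href='file:///dev/random'/></x>
    <x xmlns='http://example'><xi:include href='users/romeo.xml'/></x>
  </message>
</export>
"""


def audit_includes(xml_text):
    """Return (trusted, rejected) href lists without resolving any include."""
    trusted, rejected = [], []

    def walk(elem, in_stanza):
        if elem.tag == XI_INCLUDE:
            href = elem.get("href", "")
            # Reject includes found in stanza content, and any href that is
            # empty, has a URI scheme, is absolute or climbs out with "..".
            bad = (in_stanza or not href or ":" in href
                   or href.startswith("/") or ".." in href.split("/"))
            (rejected if bad else trusted).append(href)
            return
        # Everything below a jabber:client element counts as user-controlled,
        # whatever namespace the nested payload declares.
        in_stanza = in_stanza or elem.tag.startswith(STANZA_NS)
        for child in elem:
            walk(child, in_stanza)

    # ElementTree parses xi:include as an ordinary element; nothing is
    # fetched unless ElementInclude.include() is called explicitly.
    walk(ET.fromstring(xml_text), False)
    return trusted, rejected


if __name__ == "__main__":
    print(audit_includes(SAMPLE))
```

An importer would then expand only the hrefs in the first list, and treat a non-empty second list as a reason to refuse the file or to import the affected stanzas with the include left as inert data.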
