On 16 Oct 2017 9:54 pm, "Maxime Buquet" <[email protected]> wrote:
I am going to repeat what I said on xsf@ a bit. On 2017/10/16, Florian Schmaus wrote: > So the case for BMH are things like > - Bots sending potential large status information, where there's a > desire to bring some structure into that information by using a markup > language This can be achieved with XHTML-IM already. > - Bridges sending textual content which is already formatted using a > certain markup language to an XMPP client (guess who is currently > writing on a discourse to XMPP bridge *cough* *cough*) This can also be achieved with XHTML-IM. The bridge developer would know what markup is being used on the other side, and could translate it directly for each client, thus sparing clients from each having flawed/vulnerable implementations. > It was pointed out that this could also be achieved with XHTML-IM, which > is, of course, true. > But not every client implements XHTML-IM. Not every client implements $MARKUP. It is beginning to feel like I'm banging repeatedly on this particular drum, but years of experience on the network with clients that use fairly arbitrary lightweight markups based on organically grown use of puncuation for emphasis (ie, the same stuff that grew into Markdown et al) suggests that: a) This stuff is already out there, so adding an indicator that interpretation in this way is desirable is useful, and b) The lack of such interpretation, or inability to understand it were it there, has presented no barrier to interop. That said, I note that I am referring to IM messaging - Flow is talking about gatewaying to conferencing systems, which lean toward long-form text, and that typically involves a somewhat more involved markup. > And there are the security implications of XHTML-IM. This is being discussed on another thread, though, how does that compare to vulnerable markdown implementations? I read this as "My preferred technology is a proven security nightmare. Yours, despite all evidence to the contrary, might be. Therefore we should continue to use the security nightmare I happen to prefer." I reiterate, several clients in use already use lightweight, human-readable markup. I see zero security issues as a result. Thanks, -- Maxime “pep” Buquet _______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________ PS, your domain has DMARC settings which cause all your mail to be treated as forged when it passes through a mailing list. For the avoidance of doubt, this is not the mailing list's fault; you have explicitly configured your domain for this. Dave.
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
