Regarding your proposal:
- You should still add a hash in the reference somehow so that clients *can* cache entries (even if you won't do it in Converse) - I already dislike the fact that we do HTTP requests to arbitrary servers for file transfers, as we might be leaking IP addresses in such cases. In the case of Converse, you are likely to get into GDPR issues when doing so without explicit user consent (and you don't want explicit user consent for every emoji). There is a reason why many e-Mail-Clients don't render remote content in e-Mails... - When this is combined with body-only e2e-encryption, you are leaking information as I guess you don't envision the emoji to be encrypted for each e2e session individually.

You can probably solve the second issue mentioned above and the issue with http files by proxying the image request through the server hosting Converse (which is what other popular sites that allow arbitrary http links like GitHub do). But I guess you don't want to do that.

Regarding your issues with using BOB:
- BOB does not depend on XHTML-IM. 0231 §2.2 specifically says that "any appropriate format can be used" to share the CID. This means it is also possible to use it in 0372 references (as you suggest to do just without http). - BOB does not require the sender to provide the file referenced by the CID 0231 §2.1 says that you can send the IQ to request the bytes to "potentially some other entity". If you don't expect the sending client to provide the file, it doesn't need to cache all stickers and it doesn't need to be online.


On 10/17/19 12:07 PM, JC Brand wrote:

I'm currently working on adding support for non-unicode emojis to Converse.js.

Currently, users can't upload their own images to be used for custom emojis,
mostly because Converse is a thin client with no backend support for it.

So to add custom emojis, the web host needs to edit a emojis.json file
to add new entries with URLs pointing to the actual images.

Concerning compatibility with other clients, I've discussed it with edhelas
and he told me he uses XEP-0231 BOB for sending stickers.

There are a few reasons why I'm not keen on using BOB:

- BOB depends on XHTML-IM which is deprecated. Converse.js doesn't support it
   and I'm reluctant to add support just for this.
- BOB mentions that binary data should be smaller than 1KB. Not sure how
   relevant that still is, but it discourages me from sending larger amounts.
- The sending client needs to maintain a cache of all sent stickers.
- AFAICT, when receiving an uncached BOB message via MAM and the sending client
   is offline, then you can't get the image data.

Instead, I propose that we use XEP-0372 references to indicate that a
particular shortname (e.g. :dancingpanda:) should be replaced with an image.

For example:

     <message type="chat" from="t...@chat.org" to="m...@chat.org"
         <body>I feel like dancing! :dancingpanda:</body>
         <reference xmlnx="urn:xmpp:reference:0"

I'm not sure whether "type" should be "data", seems a bit too generic for me,
perhaps it could be something else?

Some criticisms of this approach from edhelas:

- HTTP images can be sent to a webchat client served over HTTPS
- There's no size limit, so users can send links to very large stickers

Concerning the first criticism, a client can choose to not render HTTP
images inline and instead make the shortname a link which opens the image in a
new tab. Not ideal, but a compromise for the privacy and security conscious.

For the second I don't have a good answer.

That said, I currently still prefer my suggestion to using BOB. I'd be
interested to hear your feedback and suggestions.


Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org

Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org

Reply via email to