[jitsi-dev] OTR + parsing font tag issues


#1

Hello Jitsi Dev. I have install Jitsi 2.2 on Ubuntu and notice problem
with chat when I am using OTR and other person use client which use a
custom theme or font.

What happening is

If not OTR is enabled, and person send me a message the message just
appears as text

If OTR is on and person send me a message, the message will have <FONT> or
<FONT SIZE=XX> or other font tag attributes.

These font tag will not show in message box.

Side problem.

If someone send a message that for a reson had text between "<" and ">" the
text between will not show up in the pop up notification box.

example

someone send: <hello how are you>
message box will be empty

someone send: hello <how are you> what a lovely day
massage box will only show: hello what a lovely day

The problem.

Jitsi is not parsing Font tags properly


#2

I wasn't aware of the OTR interaction. But I had certainly reported a tag parsing bug in other areas (since it can be used to do nasty things to a client through XSS eg load images and any HTML3.2 compatible content.). That bug is here:

https://trac.jitsi.org/ticket/1216

I think stripping these tags out is the best approach if you ask me. That or display them as literal <tags>, because parsing and filtering HTML is error prone. But then we get into questions about HTML encoding and such and I have no idea what the standards say on this topic.

Toby

···

From: dev-bounces@jitsi.org [mailto:dev-bounces@jitsi.org] On Behalf Of ml lists
Sent: 24 October 2013 17:07
To: dev@jitsi.org
Subject: [jitsi-dev] OTR + parsing font tag issues

Hello Jitsi Dev. I have install Jitsi 2.2 on Ubuntu and notice problem with chat when I am using OTR and other person use client which use a custom theme or font.

What happening is
If not OTR is enabled, and person send me a message the message just appears as text
If OTR is on and person send me a message, the message will have <FONT> or <FONT SIZE=XX> or other font tag attributes.
These font tag will not show in message box.

Side problem.
If someone send a message that for a reson had text between "<" and ">" the text between will not show up in the pop up notification box.

example

someone send: <hello how are you>
message box will be empty
someone send: hello <how are you> what a lovely day
massage box will only show: hello what a lovely day

The problem.
Jitsi is not parsing Font tags properly


#3

Hi all,

This was discussed many moons ago:

http://lists.jitsi.org/pipermail/dev/2013-July/017708.html

No decision was made as to how to change Jitsi to handle this.

Erik M Jacobs
Director, JumpShip Services
A Division of EjectButton, Ltd
PGP Key ID: 9CA64161

···

On 10/24/2013 12:34 PM, Toby Pinder wrote:

I wasn�t aware of the OTR interaction. But I had certainly reported a
tag parsing bug in other areas (since it can be used to do nasty things
to a client through XSS eg load images and any HTML3.2 compatible
content.). That bug is here:

https://trac.jitsi.org/ticket/1216

I think stripping these tags out is the best approach if you ask me.
That or display them as literal <tags>, because parsing and filtering
HTML is error prone. But then we get into questions about HTML encoding
and such and I have no idea what the standards say on this topic.

Toby

*From:*dev-bounces@jitsi.org [mailto:dev-bounces@jitsi.org] *On Behalf
Of *ml lists
*Sent:* 24 October 2013 17:07
*To:* dev@jitsi.org
*Subject:* [jitsi-dev] OTR + parsing font tag issues

Hello Jitsi Dev. I have install Jitsi 2.2 on Ubuntu and notice problem
with chat when I am using OTR and other person use client which use a
custom theme or font.

What happening is

If not OTR is enabled, and person send me a message the message just
appears as text

If OTR is on and person send me a message, the message will have <FONT>
or <FONT SIZE=XX> or other font tag attributes.

These font tag will not show in message box.

Side problem.

If someone send a message that for a reson had text between "<" and ">"
the text between will not show up in the pop up notification box.

example

someone send: <hello how are you>

message box will be empty

someone send: hello <how are you> what a lovely day

massage box will only show: hello what a lovely day

The problem.

Jitsi is not parsing Font tags properly

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev