<remark><p>Per a vote of the XMPP Council, advanced status to Draft; concurrently, the XMPP Registrar issued the urn:xmpp:media-element namespace.</p></remark>
<remark><p>Changed MUST to SHOULD regarding inclusion of uri element; allowed inclusion of codecs parameter in type attribute per RFC 4281; added Security Considerations section.</p></remark>
<p>In certain protocols that make use of &xep0004;, it can be helpful to include media data such as small images. One example of such a "using protocol" is &xep0158;. This document defines a method for including media data in a data form.</p>
<p>The root element for media data is <media/>. This element MUST be qualified by the "urn:xmpp:media-element' namespace. The <media/> element MUST be contained within a <field/> element qualified by the 'jabber:x:data' namespace.</p>
<p>If the media is an image or video then the <media/> element SHOULD include 'height' and 'width' attributes specifying the recommended display size of the media in pixels.</p>
<p>The <media/> element SHOULD contain at least one <uri/> element to specify the out-of-band location of the media data. <note>Constrained execution environments prevent some clients (e.g., Web clients) from rendering media unless it has been received out-of-band.</note> If included, the <uri/> element MUST contain a URI that indicates the location and MUST include a 'type' attribute that specifies the MIME type of the media. If the URI scheme is cid: then the identifier MUST refer to a bit of binary data as described in &xep0231;.</p>
<p>The 'type' attribute of the <uri/> element is REQUIRED. The value of the 'type' attribute MUST match the syntax specified in &rfc2045;. That is, the value MUST include a top-level media type, the "/" character, and a subtype; in addition, it MAY include one or more optional parameters (e.g., the "audio/ogg" MIME type in the example shown below includes a "codecs" parameter as specified in &rfc4281;). The "type/subtype" string SHOULD be registered in the &ianamedia;, but MAY be an unregistered or yet-to-be-registered value.</p>
<p>The cid: URI points to data that can be retrieved using the protocol described in &xep0231; and the data element would be included along with the XMPP stanza containing the data form.</p>
<p>The following example is provided only for the purpose of illustration; consult the specifications for using protocols (e.g., <cite>XEP-0158</cite>) to see canonical examples.</p>
<p>The ability to include arbitrary binary data implies that it is possible to send scripts, applets, images, and executable code, which may be potentially harmful. To reduce the risk of such exposure, an implementation MAY choose to not display or process such data but instead either completely ignore the data, show only the value of the 'alt' attribute (if included), or prompt a human user for approval (either explicitly via user action or implicitly via a list of approved entities from whom the user will accept binary data without per-event approval).</p>