mirror of
https://github.com/moparisthebest/xeps
synced 2024-11-28 04:02:20 -05:00
Add paragraph in security section about protecting agains malicious thumbnail dimensions in offer. Fixed a typo.
git-svn-id: file:///home/ksmith/gitmigration/svn/xmpp/trunk@3000 4b5297f7-1745-476d-ba37-a9c6900126ab
This commit is contained in:
parent
06e342152c
commit
094b66f592
@ -28,6 +28,12 @@
|
||||
<email>ml@update.uu.se</email>
|
||||
<jid>mlundblad@jabber.org</jid>
|
||||
</author>
|
||||
<revision>
|
||||
<version>0.2</version>
|
||||
<date>2009-04-06</date>
|
||||
<initials>ml</initials>
|
||||
<remark><p>Add paragraph in security section about protecting agains malicious thumbnail dimensions in offer. Fixed a typo.</p></remark>
|
||||
</revision>
|
||||
<revision>
|
||||
<version>0.1</version>
|
||||
<date>2009-04-02</date>
|
||||
@ -64,7 +70,7 @@ file being offered (name, size, and date). There currently is no way to provide
|
||||
<p>This documents defines a way to include a thumbnail image as an additional metadata in a file transfer.</p>
|
||||
</section1>
|
||||
<section1 topic='Use Case' anchor='usecase'>
|
||||
<p>When a client wishes to supply a thumbnail in a transfer offer, it can do so by including an extra <![CDATA[<thumbnail/>]]> element as show in the following exaples.</p>
|
||||
<p>When a client wishes to supply a thumbnail in a transfer offer, it can do so by including an extra <![CDATA[<thumbnail/>]]> element as shown in the following exaples.</p>
|
||||
<example caption='Inclusion of a thumbnail in SI file transfer offer'><![CDATA[
|
||||
<iq type='set' id='offer1' to='receiver@jabber.org/resource'>
|
||||
<si xmlns='http://jabber.org/protocol/si'
|
||||
@ -162,6 +168,7 @@ file being offered (name, size, and date). There currently is no way to provide
|
||||
<p>The inclusion of an image thumbnail may leak information about a transfer
|
||||
otherwise taking place on an e2e encrypted file transfer stream. A client MAY
|
||||
wish to not include a thumbnail.</p>
|
||||
<p>A client MUST not rely on the values specified for the width and height of a thumbnail to allocate a bitmap data buffer for the thumbnail, to prevent possible DoS attacks. Also a client SHOULD apply implementation-specific limits on the thumbnails, if using these values to pepare a UI element for the thumbnail image, of f.ex. 128x128 pixels, values exceeding theese would then be truncated and the thumbnail image scaled down when received.</p>
|
||||
</section1>
|
||||
<section1 topic='IANA Considerations' anchor='iana'>
|
||||
<p>This document requires no interaction with &IANA;.</p>
|
||||
|
Loading…
Reference in New Issue
Block a user