moparisthebest
/
xeps
mirror of https://github.com/moparisthebest/xeps
1
0
Fork 0
Code Issues Releases Wiki Activity

XEP-0333: Clarify security note further

This commit is contained in:
Matthew Wild 2020-04-15 15:38:02 +01:00 committed by Maxime “pep” Buquet
parent 0915bd786b
commit 928513d81d
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
xep-0333.xml
View File

@ -250,12 +250,13 @@
even maliciously reused by another MUC occupant.</p>
<p>Therefore, if a MUC announces support for &xep0359; then clients MUST always use
the MUC-assigned id for Chat Markers. The id will be contained in a &lt;stanza-id&gt;
the MUC-assigned id for Chat Markers. The id will be contained in a &lt;stanza-id/&gt;
element inserted into the stanza with a 'by' attribute matching the MUC's own JID.</p>
<p>As per XEP-0359 security considerations, if XEP-0359 support is not announced then
&lt;stanza-id/&gt; elements with a 'by' attribute that match the MUC's own JID should
be considered spoofed and MUST be ignored.</p>
<p>As per XEP-0359 security considerations, if XEP-0359 support is not announced on the
MUC room's JID then &lt;stanza-id/&gt; elements with a 'by' attribute that match the
MUC's JID should be considered spoofed and MUST be ignored.</p>
<example caption='Example MUC message with a markable Chat Marker'>
<![CDATA[
<message