%ents; ]>
Data Forms Media Element This specification defines an XMPP protocol extension for including media data in XEP-0004 data forms. &LEGALNOTICE; 0221 Proposed Standards Track Standards XMPP Core XEP-0004 None None NOT_YET_ASSIGNED &ianpaterson; &stpeter; 0.4 2008-07-27 psa

Generalized text regarding inclusion of parameters in type attribute per RFC 2045.

0.3 2008-06-18 psa

Changed MUST to SHOULD regarding inclusion of uri element; allowed inclusion of codecs parameter in type attribute per RFC 4281; added Security Considerations section.

0.2 2008-01-30 psa

Modified to reuse data element from XEP-0231.

0.1 2007-07-11 psa/ip

Initial version, split off from XEP-0158.

In certain protocols that make use of &xep0004;, it can be helpful to include media data such as small images. One example of such a "using protocol" is &xep0158;. This document defines a method for including media data in a data form.

The root element for media data is <media/>. This element MUST be qualified by the "urn:xmpp:tmp:media-element' namespace &NSNOTE;. The <media/> element MUST be contained within a <field/> element qualified by the 'jabber:x:data' namespace.

If the media is an image or video then the <media/> element SHOULD include 'height' and 'width' attributes specifying the recommended display size of the media in pixels.

The <media/> element SHOULD contain at least one <uri/> element to specify the out-of-band location of the media data. Constrained execution environments prevent some clients (e.g., Web clients) from rendering media unless it has been received out-of-band. If included, the <uri/> element MUST contain a URI that indicates the location and MUST include a 'type' attribute that specifies the MIME type of the media. As specified in &rfc2045;, the value of the 'type' attribute MUST include a top-level media type, the "/" character, and a subtype; in addition, it MAY include one or more optional parameters (e.g., the "audio/ogg" MIME type in the example shown below includes a "codecs" parameter as specified in &rfc4281;). The "type/subtype" string SHOULD be registered in the &ianamedia;, but MAY be an unregistered or yet-to-be-registered value.

The <media/> element MAY also contain one or more <data/> elements for distributing the media in-band. The <data/> element MUST be qualified by the 'urn:xmpp:tmp:data-element' as defined in &xep0231;. The encoded data SHOULD NOT be larger than 8 kilobytes. If a stanza contains more than one <data/> element, the sending entity MUST take care not to trigger server-defined bandwidth limits.

http://victim.example.com/challenges/speech.wav?F3A6292C http://victim.example.com/challenges/speech.ogg?F3A6292C http://victim.example.com/challenges/speech.mp3?F3A6292C [ ... base64-encoded-audio ... ] ]]>

The following example is provided only for the purpose of illustration; consult the specifications for using protocols to see canonical examples.

[ ... ] http://www.victim.com/challenges/ocr.jpeg?F3A6292C ** Base64 encoded image ** [ ... ] ]]>

The ability to include arbitrary binary data implies that it is possible to send scripts, applets, images, and executable code, which may be potentially harmful. To reduce the risk of such exposure, an implementation MAY choose to not display or process such data but instead either completely ignore the data, show only the value of the 'alt' attribute (if included), or prompt a human user for approval (either explicitly via user action or implicitly via a list of approved entities from whom the user will accept binary data without per-event approval).

This document requires no interaction with &IANA;.

Until this specification advances to a status of Draft, its associated namespace shall be "urn:xmpp:tmp:media-element"; upon advancement of this specification, the ®ISTRAR; shall issue a permanent namespace in accordance with the process defined in Section 4 of &xep0053;.

]]>