[Psi-devel] Jive's new stuff

Brian fxsasjse902 at sneakemail.com
Tue Feb 6 19:38:32 PST 2007


On Feb 6, 2007, at 5:44 PM, David Smith catfish.man-at-gmail.com |psi/ 
personal| wrote:

> 	Hi everyone,
>
> 	I'm the author of the draft spec linked to from the blog entry, and
> the current maintainer of Adium's WebKit message view code, so feel
> free to fire any questions about it my way. I'm also looking for
> feedback on the draft spec, because I'd really rather not discover
> some horrible issue with it *after* investing time implementing it in
> Spark and Adium :)
> ...

Hi David,

Just out of curiosity, how hard do you (or can you) try to sanitize  
incoming text to make sure that the JavaScript engine and/or HTML  
renderer can't be exploited to do "bad things"? Was that a  
consideration? Is the chat stream sufficiently isolated (or scrubbed)  
so that it's not an issue?

I'd hate to see IM clients start to go down the same bloody path that  
email clients have already suffered (MS Outlook, anyone?). :)

  - Brian


