Mercurial > prosody-modules
annotate mod_xhtmlim/README.markdown @ 4651:8231774f5bfd
mod_cloud_notify_encrypted: Ensure body substring remains valid UTF-8
The `body:sub()` call risks splitting the string in the middle of a
multi-byte UTF-8 sequence. This should have been caught by util.stanza
validation, but that would have caused some havoc, at the very least causing
the notification to not be sent.
There have been no reports of this happening. Likely because this module
isn't widely deployed among users with languages that use many longer UTF-8
sequences.
The util.encodings.utf8.valid() function is O(n) where only the last
sequence really needs to be checked, but it's in C and expected to be fast.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 22 Aug 2021 13:22:59 +0200 |
| parents | 1f68287138e3 |
| children |
| rev | line source |
|---|---|
|
2865
f6ed4421167d
mod_xhtmlim: Attempts to sanitize XMTML-IM messages
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 Introduction |
|
f6ed4421167d
mod_xhtmlim: Attempts to sanitize XMTML-IM messages
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 ============ |
|
f6ed4421167d
mod_xhtmlim: Attempts to sanitize XMTML-IM messages
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 |
|
f6ed4421167d
mod_xhtmlim: Attempts to sanitize XMTML-IM messages
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 This module attempts to sanitize XHTML-IM messages. |
|
f6ed4421167d
mod_xhtmlim: Attempts to sanitize XMTML-IM messages
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 |
|
3699
1f68287138e3
mod_xhtmlim: Default to stripping @style attribute by default
Kim Alvefur <zash@zash.se>
parents:
2865
diff
changeset
|
6 It does **not** attempt to sanitize any CSS embedded in `style` |
|
1f68287138e3
mod_xhtmlim: Default to stripping @style attribute by default
Kim Alvefur <zash@zash.se>
parents:
2865
diff
changeset
|
7 attributes, these are instead stripped by default. |
|
1f68287138e3
mod_xhtmlim: Default to stripping @style attribute by default
Kim Alvefur <zash@zash.se>
parents:
2865
diff
changeset
|
8 |
|
2865
f6ed4421167d
mod_xhtmlim: Attempts to sanitize XMTML-IM messages
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 Configuration |
|
f6ed4421167d
mod_xhtmlim: Attempts to sanitize XMTML-IM messages
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 ============= |
|
f6ed4421167d
mod_xhtmlim: Attempts to sanitize XMTML-IM messages
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 |
|
f6ed4421167d
mod_xhtmlim: Attempts to sanitize XMTML-IM messages
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 Option Type Default |
|
f6ed4421167d
mod_xhtmlim: Attempts to sanitize XMTML-IM messages
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 ------------------------ --------- --------- |
|
3699
1f68287138e3
mod_xhtmlim: Default to stripping @style attribute by default
Kim Alvefur <zash@zash.se>
parents:
2865
diff
changeset
|
14 `strip_xhtml_style` boolean `true` |
|
2865
f6ed4421167d
mod_xhtmlim: Attempts to sanitize XMTML-IM messages
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 `bounce_invalid_xhtml` boolean `false` |