Modern XMPP project discussion - 2024-12-16


  1. leke

    Which XEP specification allows using Markdown syntax in the message body? I can't seem to find it, but I remember there being one.

  2. Zash

    https://xmpp.org/extensions/xep-0481.html maybe, but I'm not aware of any implementations

  3. Zash

    The currently common way to format messages is https://xmpp.org/extensions/xep-0393.html which *IS NOT MARKDOWN*

  4. leke

    thanks

  5. Anno

    The syntax of our current way is similar to Markdown. Is it okay if I provide an option "Allow message text to be rendered in Markdown style" in my client?

  6. Zash

    <script>alert("no")</script>

  7. pep.

    leke, 0071 allows markdown to be used :)

  8. Zash

    Markdown, being a HTML superset, often passes unsafe HTML right trough, leading to security vulnerabilities.

  9. Kris

    That depends on the markdown renderer

  10. Zash

    Best assume it does until proven otherwise

  11. Kris

    Still better than html messages...

  12. leke

    The basic Markdown syntax is already widely used, and I want to provide a copy of the Markdown syntax to help messages display better on these devices without having to parse XEP-0393.

  13. Kris

    leke: you are hitting a bee's nest

  14. Kris

    This is a very controversial topic in xmpp developer circles

  15. Zash

    leke, even talking about it may lead inexperienced developers to using an unsafe markdown library for 393 ... again.

  16. leke

    I honestly didn't realize that. Can you explain what you mean?

  17. Zash

    I mean someone already went and used a markdown library that by default let <script> right trough because they thought 393 was markdown.

  18. Kris

    Zash is pulling your leg. Xep-0393 was explicitly developed because people did that with html renderers.

  19. Kris

    It even says so right in the preamble

  20. pep.

    The best way to use markdown is still to do XHTML-IM :)

    โ˜ 1
  21. pep. putting oil on the fire

  22. leke

    Oh, that's definitely a risky practice and not recommended. Most Markdown parsing libraries don't enable that by default.

  23. Kris

    Exactly

  24. Zash

    I'd suggest you parse the markdown locally and send it as https://xmpp.org/extensions/xep-0394.html on the wire

  25. leke

    It's not recommended to write HTML in Markdown. It's better to use the appropriate markup symbols.

  26. mod

    leke, You cannot control how the other party's client will parse MD, that's the problem

  27. Anno

    If it were up to me, I would simply provide an option in the client I develop to enable or disable rendering 'if the message received is in markdown format.' I do not require other clients to render it the same way, nor do I require my users to send or receive text necessarily in markdown format. However, I will allow users to indicate to others that they are sending markdown text, using the content node of XEP-0481 to reveal this.

  28. Anno

    Yes, babe

  29. Anno

    ๐Ÿ˜€๐Ÿ‘‰๐Ÿ‘ˆ

  30. mod

    It would be best to conduct a security audit for your software.

  31. MSavoritias (fae,ve)

    and please make it an option yeah. the amount of bugs in markdown because its "styling" but not really :(

  32. Anno

    Yes, optional๐Ÿ˜‰

    ๐Ÿ‘ 2
  33. Anno

    Yes, optionally๐Ÿ˜‰