XML specific characters in MUC message

Igor Khomenko
Added about 5 years ago

It looks like TIgase MUC doesn't have any filters/parsers for XML specific characters in message.

I can send '&' character in message and room will be broken, clients won't be able to parse these messages. And as a result - disconnect from room and chat server.

As a solution it could be something like this

 String escapedBodyValue = XMLUtils.escape(originBodyValue);

in class, process method

Any comments?

Replies (3)


Added by Artur Hefczyc TigaseTeam about 5 years ago

Apparently you are sending incorrect XML to the Tigase MUC. Your client should encode and escape characters correctly. The server should either reject your input or pass it through unchanged. It looks like in this case it should just reject data as they contain incorrect XML.

Added by Igor Khomenko about 5 years ago


do you have any plans to include 'reject' feature into Tigase MUC component? For example into release Tigase 5.2 or 5.3?

You're right that client should encode and escape characters, but however XMPP server should also handle this situation in a right way.


Added by Artur Hefczyc TigaseTeam about 5 years ago

This is not a job for MUC to reject incorrect XML. This is a job for XML parser and connection manager to reject incorrect data from a client. To be honest I am kind of hesitant to make the XML parser more complex which may impact performance. Unless handling such incorrect data is really a big problem we are not going to make any significant changes to this code.