#1903 Invalid JID in Roster

Reporter Masked Witch
Owner Nobody
Created
Updated
Stars ★ (1)
Tags
  • Priority-Medium
  • Type-Defect
  • Status-Accepted
  1. Masked Witch on

    A person was able to add an invalid JID ("xmpp:members.queer-spark.org") to their roster. It went unnoticed until it caused issues with Slidge. Removing the invalid JID fixed it. More information: https://codeberg.org/slidge/slidge/issues/47

  2. Masked Witch on

    I found out they added "xmpp%3Amembers.queer-spark.org" instead of "xmpp:members.queer-spark.org".

  3. Zash on

    Thanks for the report. This is awkward, because both : and % pass trough stringprep/nameprep while it is IDNA that forbids them, but IDNA is only applied when doing DNS lookups. It is also awkward because an IPv6 address is a valid hostpart. I'm uncertain whether an IP address with a port like 203.0.113.80:5269 is valid.

    Changes
    • tags Status-Accepted

New comment

Not published. Used for spam prevention and optional update notifications.