A person was able to add an invalid JID ("xmpp:members.queer-spark.org") to their roster. It went unnoticed until it caused issues with Slidge.
Removing the invalid JID fixed it.
More information: https://codeberg.org/slidge/slidge/issues/47
Masked Witch
on
I found out they added "xmpp%3Amembers.queer-spark.org" instead of "xmpp:members.queer-spark.org".
Zash
on
Thanks for the report.
This is awkward, because both : and % pass trough stringprep/nameprep while it is IDNA that forbids them, but IDNA is only applied when doing DNS lookups.
It is also awkward because an IPv6 address is a valid hostpart.
I'm uncertain whether an IP address with a port like 203.0.113.80:5269 is valid.
A person was able to add an invalid JID ("xmpp:members.queer-spark.org") to their roster. It went unnoticed until it caused issues with Slidge. Removing the invalid JID fixed it. More information: https://codeberg.org/slidge/slidge/issues/47
I found out they added "xmpp%3Amembers.queer-spark.org" instead of "xmpp:members.queer-spark.org".
Thanks for the report. This is awkward, because both : and % pass trough stringprep/nameprep while it is IDNA that forbids them, but IDNA is only applied when doing DNS lookups. It is also awkward because an IPv6 address is a valid hostpart. I'm uncertain whether an IP address with a port like 203.0.113.80:5269 is valid.
Changes