search

EionRobb / purple-hangouts

47 stars 4 forks source link

XHTML <img src> is double escaped #157

Closed EionRobb closed 7 years ago

EionRobb commented 7 years ago

Original report by Wiktor (Bitbucket: wiktor_k, ).

I'm using purple-hangouts through Spectrum2 (XMPP Gateway).

The image is based on Fedora 23 and purple-hangouts is installed like that:

dnf install purple-hangouts pidgin-hangouts

Incoming images are received as this XML:

<message type='groupchat' to='x' from='y'>
<body>View full image  &lt;https://lh3.googleusercontent.com/-LH4HyGEJ5Vw/WdNgi6-gReI/AAAAAAAAkMs/CMYOd3Um8uopf-random/s0/2951279375512928879%253Faccount_id%253D1&gt;</body>
<html xmlns='http://jabber.org/protocol/xhtml-im'>
<body xmlns='http://www.w3.org/1999/xhtml'>
<a href='https://lh3.googleusercontent.com/-LH4HyGEJ5Vw/WdNgi6-gReI/AAAAAAAAkMs/CMYOd3Um8uopf-random/s0/2951279375512928879%253Faccount_id%253D1'>View full image <img alt='' src='https%3A%2F%2Flh3.googleusercontent.com%2F-LH4HyGEJ5Vw%2FWdNgi6-gReI%2FAAAAAAAAkMs%2FCMYOd3Um8uopf-random%2Fs0%2F2951279375512928879%25253Faccount_id%25253D1'/>
</a>
</body>
</html>
</message>

<a href> is correctly escaped but <img src> is double-escaped that results in image not being displayed on client side.

I've tried to track down the offending like but found only this: https://bitbucket.org/EionRobb/purple-hangouts/src/65f3f51d8faf72106b2a6dc809fcd2ecfdd7d78a/hangouts_events.c?at=default&fileviewer=file-view-default#hangouts_events.c-526

And that's a little bit different than my XHTML (alt vs id) but there is purple_url_encode called on a URL.

Thanks for help!

EionRobb commented 7 years ago

Original comment by Eion Robb (Bitbucket: EionRobb, GitHub: EionRobb).

Oh interesting. That's the first time I've seen a libpurple client not use the id for displaying an inline image.

Regardless, url-escaping is completely wrong here, it should be html-encoding. :)

EionRobb commented 7 years ago

Original comment by Eion Robb (Bitbucket: EionRobb, GitHub: EionRobb).

HTML-encode (rather than URL-encode) inline image urls for Spectrum2 Fixes Issue #157

EionRobb commented 7 years ago

Original comment by Eion Robb (Bitbucket: EionRobb, GitHub: EionRobb).

Can you give that commit a try and let me know how you get on? :)

EionRobb commented 7 years ago

Original comment by Wiktor (Bitbucket: wiktor_k, ).

Aaaand it works! thanks a lot! :) Although the image is super big (not a thumbnail) at least it is visible now.