Closed vinnitu closed 12 years ago
The line "<?xml version='1.0'?>" should probably be present only when an XML doc. starts. I could be wrong though.
What is the main idea of using the dummy wrapper?
To prevent an XML entity expansion attack.
Even if we switch to a sax parser for the websocket bit, the xml you paste will be invalid since we just keep continuing the same xml document - which can't have <? xml ... ?> in the middle.
One PHP Jabber client uses the SimpleXML class to build XMPP stanzas and the SimpleXMLElement::asXML() function to get the result string, but it always returns the preamble <?xml version='1.0'?> at the beginning
and in node-xmpp-bosh the following construction does not work properly
<dummy><?xml version='1.0'?><bla>bla</bla></dummy>
because dummy is not a valid XML element, and that is why developers make a dirty hack with
$s = substr($s, strlen("<?xml version='1.0'?>"));
but ejabberd_http_bind doesn't have such trouble
So... What do you think about it?
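The two points made in the thread (a declaration is only legal at the start of a document, and the wrapper exists to keep entity definitions out) can be combined into one pre-parse check. This is an added example, not code from node-xmpp-bosh or from any participant; `prepareFragment` and `wrap` are hypothetical names and the inputs in the comments are constructed.

```javascript
// XML declaration as emitted by serialisers such as SimpleXMLElement::asXML().
// It is only legal as the very first thing in a document (optionally after a BOM).
const XML_DECL = new RegExp(
  '^\\uFEFF?<\\?xml\\s+version\\s*=\\s*(["\'])1\\.\\d+\\1' +
  '(?:\\s+encoding\\s*=\\s*(["\'])[A-Za-z][\\w.-]*\\2)?' +
  '(?:\\s+standalone\\s*=\\s*(["\'])(?:yes|no)\\3)?\\s*\\?>\\s*'
);

// Hypothetical helper: returns { ok: true, xml } or { ok: false, reason }.
function prepareFragment(payload) {
  // 1. Drop one leading declaration so the fragment is legal inside a wrapper.
  //    Unlike a fixed-length substr(), this tolerates either quote style,
  //    an encoding attribute and a trailing newline.
  const body = payload.replace(XML_DECL, '');

  // 2. A DTD is what carries entity definitions. Refuse it explicitly rather
  //    than relying only on the parser rejecting it inside the wrapper.
  if (/<!DOCTYPE/i.test(body) || /<!ENTITY/i.test(body)) {
    return { ok: false, reason: 'dtd-not-allowed' };
  }

  // 3. Any remaining "<?xml ...?>" sits mid-document and is not well-formed.
  if (/<\?xml[\s?]/i.test(body)) {
    return { ok: false, reason: 'misplaced-xml-declaration' };
  }
  return { ok: true, xml: body };
}

// Hypothetical wrapper mirroring the <dummy> element discussed in the thread.
function wrap(payload) {
  const r = prepareFragment(payload);
  return r.ok ? `<dummy>${r.xml}</dummy>` : null;
}

// Constructed inputs:
//   wrap("<?xml version='1.0'?><bla>bla</bla>")
//   prepareFragment("<bla/><?xml version='1.0'?><bla/>")
//   prepareFragment('<!DOCTYPE x [<!ENTITY a "b">]><bla>&a;</bla>')
```

The DTD check is a plain text match, so a stanza that carries the literal string `<!DOCTYPE` inside CDATA would also be refused.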