[OTR-dev] OTR with Jabber/XMPP

Timo Engel timo-e at freenet.de
Sat Feb 2 09:47:43 EST 2008

On 01-Feb-2008 Ian Goldberg wrote:
> On Mon, Jan 28, 2008 at 06:53:39PM +0100, Timo Engel wrote:
>> [...]
>> The contents of [EncryptedBody] and [EncryptedHTML] are the same. After
>> decrypting the message, there is HTML code in the body-element. This is not
>> a
>> valid XMPP message and is problematic if the client doesn't use HTML.
>> The encrypted HTML code is not XML compliant. After decrypting the message
>> it
>> could not be parsed from an XML parser. This is really annoying, because the
>> client can't display the message.
> This has been discussed before.  The ciphertext is valid XML, since the
> ciphertext itself contains no markup.  When the user-agent decrypts the
> OTR ciphertext to get plaintext, it may have markup, because the OTR
> specification says it can.  If the user-agent doesn't understand markup,
> the OTR plugin for that user-agent is responsible for removing it.

It should not be task of the receiving plugin to remove HTML tags. For that
reason a XMPP messages has a body-element where html content is not allowed and
the optional html-element with XHTML markup.

The markup should be valid XHTML. This is not the case if gaim is used with the
otr-plugin. Without the plugin, the messages from gaim are valid. Perhaps this
is a problem of the plugin-interface of gaim. 

More information about the OTR-dev mailing list