[otr-users] Pidgin plugin sends and parses HTML

Rüdiger Kuhlmann l-otr.0705+23jv-l at ruediger-kuhlmann.de
Sun May 11 11:48:15 EDT 2008


Hi Jonathan!

>--[Jonathan Schleifer]--<js-otrim at webkeks.org>
> I just talked for the first time with a pidgin user using Gajim's new
> OTR implementation and I noticed that it seems that Pidgin encrypts the
> HTML, not the Text. Is this intended? Miranda seems to do it like
> Gajim, while Trillian also sends HTML. So it's 2 vs. 2.

Add "climm" to the list of clients who do _NOT_ send HTML. According
to the OTR spec, the library is supposed to do nothing more than
replace the plain text with the encrypted text. As such, the place
for text/plain is supposed to contain encrypted text/plain, while
the place for text/html is supposed to contain encrypted text/html.

So much, so obvious. Unfortunately, the OTR authors are quite
resistant to reality and are not reachable by any kind of logic. Any
time this comes up on this list, the poster is pointed to the list
archive (where nobody can find any argument supporting the OTR
authors' position). So the situation is quite similar to the mplayer
guys and their home-grown autoconf look-alike.

Well, I'm interested in how to explain away the stupidity of Trillian to
interpret text as HTML (and thus discard newlines) when climm doesn't
even send HTML at all...

>                                        Should I change it in Gajim so it
> tries to strip all HTML tags and decode the entities + encode outgoing
> messages?

Please don't.

Btw, climm will simply reject messages where the encrypted text/plain
and text/html parts agree, but < are somewhere in the decrypted text.

> I also noticed that libotr returns HTML error messages, which
> we think is bad, they are not translatable and we have to strip HTML
> from them.

Well, I'd say "bad" is a nice euphemism for "very poor interface
design". libOTR was split from GAIM, pardon, Pitch-in code, and it
shows. It isn't usable in any other environment without problems.
If any usage of this library isn't as it is used by Pitch-in, then
it will require stupid work-arounds and additional coding. Another
example would, by the way, be the outgoing fragmentation "support".

Sorry for the not-quite-so-friendly email, but the situation just
doesn't seem to improve.

Yours, Rüdiger.

-- 
"See, free nations are peaceful nations. Free nations don't attack
 each other. Free nations don't develop weapons of mass destruction."
      - George W. Bush, Milwaukee, Wis., Oct. 3, 2003
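
The content-type ambiguity discussed in this message, as an added example that is not part of the original post and is not climm or libotr code: it shows what a peer displays when it treats a plain-text payload as HTML, and a receiver policy modelled on the climm behaviour described above. `seal`/`decrypt` are base64 stand-ins for OTR, and all function names are hypothetical.

```python
import base64
from html.parser import HTMLParser

def seal(text):
    # Stand-in for OTR encryption (assumption): base64 only, so this runs offline.
    return base64.b64encode(text.encode("utf-8"))

def decrypt(blob):
    # Stand-in for OTR decryption (assumption), inverse of seal().
    return base64.b64decode(blob).decode("utf-8")

class _Visible(HTMLParser):
    """Collects the character data an HTML renderer would display."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks = []

    def handle_data(self, data):
        self.chunks.append(data)

def shown_as_html(payload):
    """Text a peer displays if it treats the decrypted payload as HTML."""
    parser = _Visible()
    parser.feed(payload)
    parser.close()
    # HTML rendering collapses whitespace runs, so plain-text newlines vanish.
    return " ".join("".join(parser.chunks).split())

def accept(plain_slot, html_slot):
    """Hypothetical receiver policy modelled on the climm behaviour described.

    Both slots hold ciphertext; html_slot is None when the sender set no
    text/html part. Returns (verdict, text).
    """
    text = decrypt(plain_slot)
    if html_slot is None:
        return ("plain", text)       # only a text/plain slot: show it verbatim
    if html_slot != plain_slot:
        return ("plain+html", text)  # each type was encrypted separately
    if "<" in text:
        return ("reject", None)      # one ciphertext claimed as both types
    return ("plain", text)

# Constructed sample message, not captured traffic.
SAMPLE = "step 1: run make\nstep 2: <b>reboot</b>"
```
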