09-10-2020 01:10 AM - edited 09-10-2020 02:44 AM
Hi,
we recently updated from 12.5.1 to 12.5.2 due to this vulnerability . We are using SleekXMPP for sending special HTML messages from a chatbot API endpoint into Jabber.
After we installed the update we are not able to send HTML IMG-Tags.
Python code looks like this if it helps:
msg_reply = self.Message() msg_reply['to'] = msg['from'] msg_reply['from'] = msg['to'] msg_reply['type'] = 'chat' msg_reply['html']['body'] = '<img src="PathToImage"/>'
But this still works:
msg_reply = self.Message() msg_reply['to'] = msg['from'] msg_reply['from'] = msg['to'] msg_reply['type'] = 'chat' msg_reply['html']['body'] = '<a target="_blank" href='PathToLink'>Title</a>
I can´t understand why the image-tags are blocked after the update and ahref-tags are still working. Yes, I send special crafted XMPP messages, but there has to be some configuration where I can whitelist special tags right?
Any suggestion for that?
Thanks in advance!
09-29-2020 07:59 AM
Did you ever figure anything about this? I'm trying to do something similar and I cant figure out how I could send an image.
I'm starting to wonder if I need to submit the image to the MFT server similar to how the jabber client sends an image/screenshot.
I wouldn't even know where to begin with that...
09-30-2020 01:47 AM
No, I can´t send images anymore after we installed the update...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide