
Sending special XMPP messages with Jabber 12.5.2 fails

lindig
Level 1

Hi,

we recently updated from 12.5.1 to 12.5.2 due to this vulnerability. We are using SleekXMPP for sending special HTML messages from a chatbot API endpoint into Jabber.

After we installed the update we are not able to send HTML IMG-Tags. 

Python code looks like this if it helps:

msg_reply = self.Message()
msg_reply['to'] = msg['from']
msg_reply['from'] = msg['to']
msg_reply['type'] = 'chat'
msg_reply['html']['body'] = '<img src="PathToImage"/>'

But this still works:

msg_reply = self.Message()
msg_reply['to'] = msg['from']
msg_reply['from'] = msg['to']
msg_reply['type'] = 'chat'
msg_reply['html']['body'] = '<a target="_blank" href="PathToLink">Title</a>'

I can't understand why the image tags are blocked after the update and a href tags are still working. Yes, I send specially crafted XMPP messages, but there has to be some configuration where I can whitelist special tags, right?

 

Any suggestion for that?

Thanks in advance!

 

2 Replies

JohnD159753
Level 1

Did you ever figure anything out about this? I'm trying to do something similar and I can't figure out how I could send an image.
I'm starting to wonder if I need to submit the image to the MFT server similar to how the jabber client sends an image/screenshot.

 

I wouldn't even know where to begin with that...

 

No, I can't send images anymore after we installed the update...