Bug: Spark doesn't properly escape ampersand in IM gateway passwords

Alex_Mauer · May 21, 2008, 5:12pm

When attempting to register for any builtin openfire gateway, if a password contains an ampersand Spark doesn’t properly escape it, and Openfire disconnects the client when the IQ fails to parse. It’s happened with both the Yahoo! and the gtalk gateways.

Server log says:

org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandle r.java:135) Closing connection due to error while processing message: foo&bar@… @1:174)

Spark should really escape the ampersand properly, but Openfire should just ignore the bad IQ instead of dropping the connection.

Alex_Mauer · June 24, 2008, 6:15pm

bump

Alex_Mauer · July 1, 2008, 11:59am

bump

Alex_Mauer · August 5, 2008, 4:46pm

bump

Richard_Barnett · February 3, 2009, 12:08am

This also occurs when using Smack 3.0.4. The cause seems to be that org.jivesoftware.smackx.FormField.toXML() doesn’t XML-escape the content - unlike FormField.Option.toXML(), which uses StringUtils.escapeForXML() for this.

This doesn’t seem to be fixed in 3.1.0 (from inspection of the source).

– Richard