powered by Jive Software

ToContainsFilter etc. exploit?

Since ToContainsFilter use substring matches, JID strings like "bob@server1.com" will be matched by "jane@server2.com/bob@server1.com", which is a user on a completely different server.

I’‘m not sure if anyone is using this feature to provide any sort of security (e.g. to identify a bot’‘s ‘‘master’’), but if you are, I’'d probably advise against it for this reason.