• mqtt: don't send items between < and >

    From Nigel Reed@1:103/705 to GitLab issue in main/sbbs on Wednesday, January 04, 2023 22:40:45
    open https://gitlab.synchro.net/main/sbbs/-/issues/479

    The dashboard I'm using, node-red, and I'm sure others will take a payload text and re-display it as is. That means anything between < and > would be seen as an HTML tag and not displayed. In an ideal world it should probably change to &lt; and &gt; but not the case. Rather than everyone having to do that, it seems like "paging sysop" might be on the only place I've seen it. Node 1 <Nelgin> paged sysop for chatIf this isn't going to be changed then we should probably note it in the wiki so that others don't get caught out wondering where their text disappeared to.
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell@1:103/705 to GitLab note in main/sbbs on Wednesday, January 04, 2023 23:08:26
    https://gitlab.synchro.net/main/sbbs/-/issues/479#note_3001

    Your dashboard will need to html-encode the contents of messages if it can't already handle message content that looks like HTML tags.Not every MQTT client is a web-thing and I'm not going to HTML-encode every MQTT message just for those that are. There must be a solution in whatever web/mqtt-toolkit you're using (Node Red?).
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nigel Reed@1:103/705 to GitLab note in main/sbbs on Wednesday, January 04, 2023 23:34:08
    https://gitlab.synchro.net/main/sbbs/-/issues/479#note_3002

    I was thinking more along the lines of remove <> around the name of the person paging. There's really no need for it. It can be parsed out if needed but now everyone is likely to have to parse it to remove <>. I think log messages should be basic and the user can parse them if they want fancy stuff. There's no need for anything other than plain text in mqtt messages, except for tabs and the like.
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell@1:103/705 to GitLab note in main/sbbs on Wednesday, January 04, 2023 23:55:48
    https://gitlab.synchro.net/main/sbbs/-/issues/479#note_3003

    It's common knowledge/practice that certain characters need to be HTML entity-encoded (not removed) when placing arbitrary text into web pages. Angle-brackets *are* plain text and they occur regularly in sbbs log messages, which is where the message you're referring to came from. Just grep for '<' in your sbbs log output for plenty of examples.
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mickey@1:103/705 to Nigel Reed on Thursday, January 05, 2023 09:39:39
    Re: mqtt: don't send items between < and >
    By: Nigel Reed to GitLab note in main/sbbs on Wed Jan 04 2023 11:34 pm

    everyone is likely to have to parse it to remove <>. I think log messages should be basic and the user can parse them if they want fancy stuff. There' no need for anything other than plain text in mqtt messages, except for tabs and the like.


    Just a thought from a newbie here. I think it's quite modern thinking that Synchronet's Web interface has the ability to post links to other websites, off-line photos etc. Makes the interface more err.. useable.

    .
    .
    .

    Mick Manning
    Bad Poetry Blues (badpoet.synchro.net:2300) gopher://centralontarioremote.com:70

    ---
    Synchronet BluesNet Blues Network - http://badpoet.synchro.net:8000
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Michael J. Ryan@1:103/705 to GitLab note in main/sbbs on Tuesday, January 10, 2023 14:48:40
    https://gitlab.synchro.net/main/sbbs/-/issues/479#note_3019

    Just adding $.02, might be a good idea for many of the mqtt messages to be JSON serialized objects...
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell@1:103/705 to GitLab note in main/sbbs on Saturday, January 21, 2023 18:52:02
    https://gitlab.synchro.net/main/sbbs/-/issues/479#note_3105

    I considered JSON-encoding when first adding MQTT support and decided it was not advantageous: not all clients would have a JSON parser and human-readability was important to me.Also, it would have not made any difference to the reported issue here as < and > are perfectly valid characters in a JSON-encoded string value.
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)