Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"Prevent message forging via carbons" blocking legitimate carbons #1550

laszlovl opened this issue May 2, 2019 · 0 comments


Copy link

commented May 2, 2019

"user@converse.js" is logged in on Converse as well as another client, and receives a message from "user@external.xmpp".

<body xmlns="">
    <message to="user@converse.js/converse.js-110793621"
             from="user@converse.js" type="chat" xmlns="jabber:client">
        <received xmlns="urn:xmpp:carbons:2">
            <forwarded xmlns="urn:xmpp:forward:0">
                <message xml:lang="en" to="user@converse.js/gajim.JWFYXLW2"
                         from="user@external.xmpp/gajim.O90OPUN4" type="chat" id="135b54c3-7d95-4260-bbcd-62e22069a8a5"

This carbon is incorrectly blocked by the following code: since "user@converse.js" !== "user@external.xmpp".

Looking at, I presume they mean that the outer message's from should be equal to the logged-in account's jid.

Apart from fixing the check, I propose logging a warning message when the condition is triggered.

laszlovl added a commit to laszlovl/converse.js that referenced this issue May 2, 2019

@jcbrand jcbrand closed this in 52ea8d5 May 3, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
1 participant
You can’t perform that action at this time.