Converse.js fails if passwords contain an &

Question

Converse.js fails if passwords contain an &

GonzaloSpurr opened this issue 10 months ago · 1 comments

Describe the bug
When trying to log in to a pre-existing account, or generate a new one: if the password contains an ampersand (&) it will fail.

To Reproduce
Steps to reproduce the behavior:
0. Have an XMPP account whose password contains an ampersand

Go to 'conversejs.org/fullscreen.html'
Put in your XMPP address
Type in your password (which must contain an ampersand)
See authentication error

Expected behavior
converse.js should be able to properly escape ampersands in password fields.

Screenshots
Error when loggin in:

Copy of the error log when making an account:

stanza.js:10 Uncaught Error: Parser Error: <field var="password"><value>@t9dzMJ.43zEzqPN!D#&cMytH&3^U)gE</value></field>
    at Object.$c [as toStanza] (stanza.js:10:15)
    at I$ (form.js:33:14)
    at panel.js:346:47
    at Array.map (<anonymous>)
    at Gy.submitRegistrationForm (panel.js:346:38)
    at Gy.onFormSubmission (panel.js:172:18)
    at Gy.<anonymous> (registration_form.js:13:79)
    at ph.handleEvent (lit-html.ts:2010:29)

Environment (please complete the following information):

Arch linux 6.6.9-arch1-1 with converse.js 10.1.5 (appimage)
Librewolf 121.0-1 with the web version at conversejs.org/fullscreen.html

Answer 1 · 2024-08-23T07:17:08.000Z

Thanks for the good bug report. Should be fixed now.