First draft.
Several existing specification have the need to provide metadata on a file.
The only specification of an element that contains file metadata so far is
provided as part of Jingle File Transfer (XEP-0234)
text/plain
test.txt
2015-07-26T21:46:00+01:00
6144
w0mcJylzCn+AfvuGdqkty2+KP48=
]]>
The child elements of the <file/> element are as follows:
Element Name | Description | Example |
---|---|---|
date | Timestamp specifying the last modified time of the file (which MUST conform to the DateTime profile of XMPP Date and Time Profiles (XEP-0082) |
2015-07-26T21:46:00+01:00 |
dimensions | Horizontal and vertical dimensions of image or video files, in pixels. | 1920x1080 |
desc | A human readable description of the file. Multiple <desc/> elements MAY be included if different xml:lang values are specified. | Picture of 24th XSF Summit |
hash | A hash of the file content, using the <hash/> element defined in Use of Cryptographic Hash Functions in XMPP (XEP-0300) |
see specification |
length | Length of an audio or video file, in milliseconds. | 63000 |
media-type | The media type of the file content, which SHOULD be a valid MIME-TYPE as registered with the Internet Assigned Numbers Authority (IANA) |
text/plain |
name | The name of the file. The name SHOULD NOT contain characters or character sequences that would be interpreted as a directory structure by the local file system (e.g. "/", "\", "../", etc.). If any such characters or character sequences are present (possibly because the local and remote file systems use different syntax for directory structure), they SHOULD be escaped (e.g., via percent-encoding) before using the name as part of any file system operation. See Security Considerations. | text.txt |
size | The length of the file's content, in bytes. | 6144 |
thumbnail | A thumbnail element of the file, using the <thumbnail/> element defined in File Transfer Thumbnails (XEP-0264) |
see specification |
All child elements are OPTIONAL, however, specifications making use of the file metadata object MAY require providing some of these elements as part of their specification.
Caution needs to be exercised when using the <name/> of the metadata to control any interaction with a file system. For example, a malicious user could request a file with <name>/etc/passwd</name> or include file system specific control patterns such as <name>../../private.txt</name> to try and access a sensitive file outside of the set of files intended to be shared. Or a malicious user could offer a file named /etc/passwd to try and trick the receiver into overwriting that or other sensitive files. Therefore, implementations SHOULD escape any file system path separators in the <name/> before using that value in any file system calls.
It is RECOMMENDED for implementations to use the strongest hashing
algorithm available to both parties. See Use of Cryptographic Hash Functions in XMPP (XEP-0300)
This document requires no interaction with the Internet Assigned Numbers Authority (IANA)
The XMPP Registrar
Thanks to the authors of Jingle File Transfer (XEP-0234)