--- a/html/DOM3-Events.html Wed Nov 13 03:48:02 2013 +0800
+++ b/html/DOM3-Events.html Wed Nov 13 03:55:34 2013 +0800
@@ -9238,27 +9238,46 @@
<section id="security-considerations">
<h1>Security Considerations</h1>
- <p>This appendix discusses security considerations for DOM Level 3 Events implementations. The discussion is limited to security issues that arise directly
- from implementation of the event model, APIs and events defined in this specification. Implementations typically support other features like scripting languages,
- other APIs and additional events not defined in this document. These features constitute an unknown factor and are out of scope of this document. Implementers SHOULD
- consult the specifications of such features for their respective security considerations.</p>
-
- <p>Many of the event types defined in this specification are dispatched in response to user actions. This allows malicious event listeners to gain access to information
- users would typically consider confidential, e.g., typos they might have made when filling out a form, if they reconsider their answer to a multiple choice question
- shortly before submitting a form, their typing rate or primary input mechanism. In the worst case, malicious event listeners are able to capture all user interactions
- and submit them to a third party through means, while not defined in DOM Level 3 Events, generally available in DOM implementations, such as the XMLHttpRequest
- interface.</p>
-
- <p>In DOM implementations that support facilities to load external data, events like the <a class="eventtype"><code>error</code></a> event can provide access to sensitive information about
- the environment of the computer system or network. An example would be a malicious HTML document that attempts to embed a resource on the local network or the localhost
- on different ports. An embedded <a class="def" href="#glossary-DOM-application">DOM application</a> could then listen for <a class="eventtype"><code>error</code></a>
- and <a class="eventtype"><code>load</code></a> events to determine which other computers in a network are accessible from the local system or which ports are open on the
- system to prepare further attacks.</p>
-
- <p>An implementation of DOM Level 3 Events alone is generally insufficient to perform attacks of this kind and the security considerations of the facilities that possibly
- support such attacks apply. For conformance with this specification, DOM implementations MAY take reasonable steps to ensure that <a class="def" href="#glossary-DOM-application">
- DOM applications</a> do not get access to confidential or sensitive information, for example, they might choose to dispatch no <a class="eventtype"><code>load</code></a>
- events to nodes that attempt to embed resources on the local network.</p>
+ <p>This appendix discusses security considerations for DOM Level 3 Events implementations.
+ The discussion is limited to security issues that arise directly from implementation of the event
+ model, APIs and events defined in this specification.
+ Implementations typically support other features like scripting languages, other APIs and
+ additional events not defined in this document.
+ These features constitute an unknown factor and are out of scope of this document.
+ Implementers SHOULD consult the specifications of such features for their respective
+ security considerations.
+ </p>
+
+ <p>Many of the event types defined in this specification are dispatched in response to user actions.
+ This allows malicious event listeners to gain access to information users would typically consider
+ confidential, e.g., typos they might have made when filling out a form, if they reconsider their
+ answer to a multiple choice question shortly before submitting a form, their typing rate or primary
+ input mechanism.
+ In the worst case, malicious event listeners could capture all user interactions and submit them
+ to a third party through means (not defined in DOM Level 3 Events) that are generally available
+ in DOM implementations, such as the XMLHttpRequest interface.
+ </p>
+
+ <p>In DOM implementations that support facilities to load external data, events like the
+ <a class="eventtype"><code>error</code></a> event can provide access to sensitive information about
+ the environment of the computer system or network.
+ An example would be a malicious HTML document that attempts to embed a resource on the local network
+ or the localhost on different ports.
+ An embedded <a class="def" href="#glossary-DOM-application">DOM application</a> could then listen
+ for <a class="eventtype"><code>error</code></a> and <a class="eventtype"><code>load</code></a> events
+ to determine which other computers in a network are accessible from the local system or which ports
+ are open on the system to prepare further attacks.
+ </p>
+
+ <p>An implementation of DOM Level 3 Events alone is generally insufficient to perform attacks of this kind
+ and the security considerations of the facilities that possibly support such attacks apply.
+ For conformance with this specification, DOM implementations MAY take reasonable steps to ensure that
+ <a class="def" href="#glossary-DOM-application">DOM applications</a> do not get access to confidential
+ or sensitive information.
+ For example, they might choose not to dispatch <a class="eventtype"><code>load</code></a> events to
+ nodes that attempt to embed resources on the local network.
+ </p>
+
</section> <!-- security-considerations -->
<!-- Appendix F: Changes ========================================================-->
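Review bot: the hunk mixes a whitespace-only reflow (one sentence per line) with several wording changes, which makes the real edits hard to spot in review. The wording changes I can see are "are able to capture" to "could capture", the restructuring of the XMLHttpRequest sentence into "through means (not defined in DOM Level 3 Events) that are generally available", and "dispatch no load events" to "not to dispatch load events"; please either split the reflow from the wording edits or list the wording edits in the commit message so they are reviewed on their own. A smaller point on the same lines: the `<a class="eventtype"><code>error</code></a>` and `<a class="eventtype"><code>load</code></a>` anchors still carry no `href`, unlike the `<a class="def" href="#glossary-DOM-application">` links beside them, so the event names do not navigate to their definitions; if the build does not fill these in from the class, add the corresponding event-type hrefs while this text is being touched. Finally, the mitigation sentence keeps "DOM implementations MAY take reasonable steps" while the preceding paragraphs describe listeners capturing all user input and probing local-network ports; if the working group intends implementers to act on this, consider whether SHOULD is the appropriate keyword here.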