--- a/spec/latest/json-ld-syntax/index.html Sun Feb 17 13:41:13 2013 +0100
+++ b/spec/latest/json-ld-syntax/index.html Sun Feb 17 14:17:03 2013 +0100
@@ -3306,20 +3306,24 @@
</dl>
</dd>
<dt>Encoding considerations:</dt>
- <dd>The same as the <code>application/json</code> MIME media type.</dd>
+ <dd>See RFC 6839, section 3.1.</dd>
<dt>Security considerations:</dt>
<dd>Since JSON-LD is intended to be a pure data exchange format for
directed graphs, the serialization SHOULD NOT be passed through a
code execution mechanism such as JavaScript's <code>eval()</code>
- function. It is RECOMMENDED that a conforming parser does not attempt to
- directly evaluate the JSON-LD serialization and instead purely parse the
- input into a language-native data structure. <br/>
+ function to be parsed.<br/>
JSON-LD contexts that are loaded from the Web over non-secure connections,
such as HTTP, run the risk of modifying the JSON-LD
<tref>active context</tref> in a way that could compromise security. It
is advised that any application that depends on a remote context for mission
critical purposes vet and cache the remote context before allowing the
- system to use it.</dd>
+ system to use it.<br />
+ JSON-LD allows the substitution of long IRIs with short terms and the
+ compression of multiple properties into a single property generator. Therefore,
+ JSON-LD documents may expand enormously when processed and, in the worst case,
+ the resulting data might consume all of the recipient's resources. Applications
+ should treat any data with due skepticism.
+ </dd>
<dt>Interoperability considerations:</dt>
<dd>Not Applicable</dd>
<dt>Published specification:</dt>
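Review bot: The new resource-exhaustion paragraph at the end of the Security considerations entry closes with "Applications should treat any data with due skepticism", which uses a lowercase "should" where the rest of the entry uses RFC 2119 keywords, and it names no concrete mitigation. Consider a normative recommendation instead, for example that processors enforce limits on expanded output size and processing time and abort when a limit is exceeded. The same hunk removes the RECOMMENDED sentence telling conforming parsers to parse the input into a language-native data structure rather than evaluate it, so the only remaining guidance is the SHOULD NOT on eval(). If that removal is intended, the shortened sentence ("... eval() function to be parsed") reads awkwardly and would be clearer as "SHOULD NOT be parsed by passing it through a code execution mechanism such as ...". The replacement text "See RFC 6839, section 3.1." in Encoding considerations is a bare mention; it should be a proper reference in the spec's citation style so readers can follow it.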