Tweaked application/ld+json security consideration based on Dave Longley comments
This addresses #265
--- a/spec/latest/json-ld/index.html Tue Jun 18 17:53:55 2013 +0200
+++ b/spec/latest/json-ld/index.html Tue Jun 18 18:07:15 2013 +0200
@@ -3704,9 +3704,10 @@
JSON-LD Processing Algorithms and API specification [[JSON-LD-API]],
may provide fine-grained mechanisms to control this behavior.</p>
<p>JSON-LD contexts that are loaded from the Web over non-secure connections,
- such as HTTP, run the risk of modifying the JSON-LD <tref>active context</tref>
- in a way that could compromise security. It is advised that any application
- that depends on a remote context for mission critical purposes vet and
+ such as HTTP, run the risk of being altered by an attacker such that
+ they may modify the JSON-LD <tref>active context</tref> in a way that
+ could compromise security. It is advised that any application that
+ depends on a remote context for mission critical purposes vet and
cache the remote context before allowing the system to use it.</p>
<p>Given that JSON-LD allows the substitution of long IRIs with short terms,
JSON-LD documents may expand considerably when processed and, in the worst case,
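Review bot: In the added lines, "they" in "such that they may modify the JSON-LD <tref>active context</tref>" is ambiguous: it can be read as the contexts or as the attacker. Stating the subject directly would remove the doubt, for example "run the risk of being altered by an attacker so that the altered context modifies the JSON-LD active context in a way that could compromise security". Separately, the unchanged advice to "vet and cache the remote context" does not say how the copy being vetted is obtained. Since the paragraph singles out non-secure connections such as HTTP as the source of risk, it would help to state that the copy to be vetted and cached should itself be retrieved over a secure connection, otherwise the vetted copy may already be the altered one.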