Update application/ld+json security considerations
authorMarkus Lanthaler <mark_lanthaler@gmx.net>
Tue, 18 Jun 2013 17:53:55 +0200
changeset 1734 a8954f7ba888
parent 1733 5377d3e71f58
child 1735 82a39baddeee
Update application/ld+json security considerations

This addresses #265
spec/latest/json-ld/index.html
--- a/spec/latest/json-ld/index.html	Sat Jun 22 19:53:58 2013 +0530
+++ b/spec/latest/json-ld/index.html	Tue Jun 18 17:53:55 2013 +0200
@@ -3704,10 +3704,9 @@
         JSON-LD Processing Algorithms and API specification [[JSON-LD-API]],
         may provide fine-grained mechanisms to control this behavior.</p>
       <p>JSON-LD contexts that are loaded from the Web over non-secure connections,
-        such as HTTP, run the risk of being altered by an attacker such that
-        they may modify the JSON-LD <tref>active context</tref> in a way that
-        could compromise security. It is advised that any application that
-        depends on a remote context for mission critical purposes vet and
+        such as HTTP, run the risk of modifying the JSON-LD <tref>active context</tref>
+        in a way that could compromise security. It is advised that any application
+        that depends on a remote context for mission critical purposes vet and
         cache the remote context before allowing the system to use it.</p>
       <p>Given that JSON-LD allows the substitution of long IRIs with short terms,
         JSON-LD documents may expand considerably when processed and, in the worst case,