Tweaked application/ld+json security consideration based on Dave Longley comments
authorMarkus Lanthaler <mark_lanthaler@gmx.net>
Tue, 18 Jun 2013 18:07:15 +0200
changeset 1730 528d8c7a944c
parent 1729 08b9f395bb6b
child 1731 244ef0868a20
Tweaked application/ld+json security consideration based on Dave Longley comments

This addresses #265
spec/latest/json-ld/index.html
--- a/spec/latest/json-ld/index.html	Tue Jun 18 17:53:55 2013 +0200
+++ b/spec/latest/json-ld/index.html	Tue Jun 18 18:07:15 2013 +0200
@@ -3704,9 +3704,10 @@
         JSON-LD Processing Algorithms and API specification [[JSON-LD-API]],
         may provide fine-grained mechanisms to control this behavior.</p>
       <p>JSON-LD contexts that are loaded from the Web over non-secure connections,
-        such as HTTP, run the risk of modifying the JSON-LD <tref>active context</tref>
-        in a way that could compromise security. It is advised that any application
-        that depends on a remote context for mission critical purposes vet and
+        such as HTTP, run the risk of being altered by an attacker such that
+        they may modify the JSON-LD <tref>active context</tref> in a way that
+        could compromise security. It is advised that any application that
+        depends on a remote context for mission critical purposes vet and
         cache the remote context before allowing the system to use it.</p>
       <p>Given that JSON-LD allows the substitution of long IRIs with short terms,
         JSON-LD documents may expand considerably when processed and, in the worst case,