git-svn-id: file:///home/ksmith/gitmigration/svn/xmpp/trunk@643 4b5297f7-1745-476d-ba37-a9c6900126ab
Peter Saint-Andre 2007-03-06 17:06:12 +00:00
parent ac0d186acc
commit e5148d0548
1 changed files with 7 additions and 1 deletions

@ -36,6 +36,12 @@
<url>http://www.xmpp.org/schemas/xhtml-im/xhtml-im-model.xsd</url>
</schemaloc>
&stpeter;
<revision>
<version>1.2pre1</version>
<date>in progress, last updated 2007-03-05</date>
<initials>psa</initials>
<remark>Clarified security considerations regarding images.</remark>
</revision>
<revision>
<version>1.1</version>
<date>2006-01-11</date>
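Review bot: The remark in the new 1.2pre1 revision block undersells the change. It says only "Clarified security considerations regarding images", but the same commit also rewrites the hyperlink sentence to give phishing as the rationale. Suggest wording along the lines of "Clarified security considerations regarding images and hyperlinks" so the revision history matches the text that actually changed.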
@ -773,7 +779,7 @@ That seems fine to me.
</section2>
</section1>
<section1 topic='Security Considerations' anchor='security'>
<p>The exclusion of scripts, applets, and other multimedia elements reduces the risk of exposure to harmful or malicious objects caused by inclusion of XHTML content. Because of security concerns related to images, an implementation MAY choose not to show images but instead show only the 'alt' text. Because of security concerns related to hyperlinks, an implementation MAY choose not to make them clickable.</p>
<p>The exclusion of scripts, applets, and other multimedia elements reduces the risk of exposure to harmful or malicious objects caused by inclusion of XHTML content. In order to reduce the risk of so-called "phishing" attacks, an implementation MAY choose not to make hyperlinks clickable. Because images served on the Internet may contain malicious instructions or software code and may enable the entity serving the image to determine the network availability of the requesting entity, an implementation MAY choose not to show images but instead show only the 'alt' text or to not fetch images offered by entities that are not authorized to view the user's presence.</p>
</section1>
<section1 topic='W3C Considerations' anchor='w3c'>
<p>The usage of XHTML 1.0 defined herein meets the requirements for XHTML 1.0 Integration Set document type conformance as defined in Section 3 ("Conformance Definition") of <cite>Modularization of XHTML</cite>.</p>
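Review bot: The last sentence of the replacement paragraph under 'Security Considerations' names two different parties without relating them. The risk is attributed to "the entity serving the image", while the mitigation is keyed on "entities that are not authorized to view the user's presence", that is, the entity offering the image in the message. An authorized contact can reference an image hosted by a third party, so the presence-authorization check alone does not cover the availability leak the sentence describes; the text should say whether the check applies to the sender, to the host in the image URL, or both. The sentence also chains two alternatives under one MAY ("not to show images but instead show only the 'alt' text or to not fetch images offered by ..."), which is hard to parse; splitting it into two sentences, one per MAY, would make clear that showing 'alt' text and declining to fetch are separate options.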