From e5148d0548153e0de71252278951dbd771d42a39 Mon Sep 17 00:00:00 2001 From: Peter Saint-Andre Date: Tue, 6 Mar 2007 17:06:12 +0000 Subject: [PATCH] 1.2pre1 git-svn-id: file:///home/ksmith/gitmigration/svn/xmpp/trunk@643 4b5297f7-1745-476d-ba37-a9c6900126ab --- xep-0071.xml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/xep-0071.xml b/xep-0071.xml index 6fba2cd7..db515aff 100644 --- a/xep-0071.xml +++ b/xep-0071.xml @@ -36,6 +36,12 @@ http://www.xmpp.org/schemas/xhtml-im/xhtml-im-model.xsd &stpeter; + + 1.2pre1 + in progress, last updated 2007-03-05 + psa + Clarified security considerations regarding images. + 1.1 2006-01-11 @@ -773,7 +779,7 @@ That seems fine to me. -

The exclusion of scripts, applets, and other multimedia elements reduces the risk of exposure to harmful or malicious objects caused by inclusion of XHTML content. Because of security concerns related to images, an implementation MAY choose not to show images but instead show only the 'alt' text. Because of security concerns related to hyperlinks, an implementation MAY choose not to make them clickable.

+

The exclusion of scripts, applets, and other multimedia elements reduces the risk of exposure to harmful or malicious objects caused by inclusion of XHTML content. In order to reduce the risk of so-called "phishing" attacks, an implementation MAY choose not to make hyperlinks clickable. Because images served on the Internet may contain malicious instructions or software code and may enable the entity serving the image to determine the network availability of the requesting entity, an implementation MAY choose not to show images but instead show only the 'alt' text or to not fetch images offered by entities that are not authorized to view the user's presence.

The usage of XHTML 1.0 defined herein meets the requirements for XHTML 1.0 Integration Set document type conformance as defined in Section 3 ("Conformance Definition") of Modularization of XHTML.
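
Review bot: The 1.2pre1 revision remark in the first hunk says only "Clarified security considerations regarding images", but the same patch also rewrites the hyperlink rationale to cite "phishing" attacks. Suggest extending the remark to mention hyperlinks so the revision history matches what the patch changes.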
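
Review bot: In the added Security Considerations paragraph, the image sentence describes a risk that arises when the image is requested (the serving entity can "determine the network availability of the requesting entity"), yet the first mitigation offered is only "not to show images but instead show only the 'alt' text", which a client could satisfy while still retrieving the image. Suggest wording it as "MAY choose not to fetch or show images" and splitting the two options into separate sentences so the scope of the MAY is unambiguous. The second option refers to "images offered by entities that are not authorized to view the user's presence" while the stated risk concerns "the entity serving the image"; the text should say whether the authorization check applies to the sender of the message or to the host that serves the image, since these can differ.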