From 30f37f1e669308d1f648ae40c2a942fbbd30507f Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Mon, 5 Apr 2021 20:18:46 -0600 Subject: [PATCH] Sprinkle some DANGER: UNSAFE warnings over the spec about event bodies Specs [MSC2801](https://github.com/matrix-org/matrix-doc/pull/2801) Based on https://github.com/matrix-org/matrix-doc/pull/3094 --- content/_index.md | 12 ++++++++++++ content/client-server-api/_index.md | 12 ++++++++++++ 2 files changed, 24 insertions(+) diff --git a/content/_index.md b/content/_index.md index 0b82c74a..d28d5c4b 100644 --- a/content/_index.md +++ b/content/_index.md @@ -232,6 +232,18 @@ reserved for events defined in the Matrix specification - for instance `m.room.message` is the event type for instant messages. Events are usually sent in the context of a "Room". +{{% boxes/warning %}} +Event bodies are considered untrusted data. This means that anyone using +Matrix must validate that the event body is of the expected shape/schema +before using the contents verbatim. + +**It is not safe to assume that an event body will have all the expected +fields of the expected types.** + +See [MSC2801](https://github.com/matrix-org/matrix-doc/pull/2801) for more +detail on why this assumption is unsafe. +{{% /boxes/warning %}} + ### Event Graphs Events exchanged in the context of a room are stored in a directed diff --git a/content/client-server-api/_index.md b/content/client-server-api/_index.md index 06d161be..adace4f0 100644 --- a/content/client-server-api/_index.md +++ b/content/client-server-api/_index.md 
@@ -1381,6 +1381,18 @@ opaque string. No changes should be required to support the currently available room versions. {{% /boxes/warning %}} +{{% boxes/warning %}} +Event bodies are considered untrusted data. This means that anyone using +Matrix must validate that the event body is of the expected shape/schema +before using the contents verbatim. + +**It is not safe to assume that an event body will have all the expected +fields of the expected types.** + +See [MSC2801](https://github.com/matrix-org/matrix-doc/pull/2801) for more +detail on why this assumption is unsafe. +{{% /boxes/warning %}} + ### Types of room events Room events are split into two categories:
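Review bot: In the warning box added to content/_index.md, "anyone using Matrix must validate that the event body is of the expected shape/schema" does not name who is bound by it or what to do when validation fails. Suggest naming the implementations the requirement applies to and stating the expected handling of a field that is missing or of the wrong type, so that "before using the contents verbatim" becomes an actionable rule. The reason is reachable only through the MSC2801 pull-request link; a one-sentence summary in the box itself would keep the warning readable without leaving the spec.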
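Review bot: The box added at line 1381 of content/client-server-api/_index.md is a word-for-word copy of the one added to content/_index.md, so the two will drift the first time either is edited. Suggest keeping the text in one place and including it from both pages, or shortening this copy to a pointer to the overview. Since this copy sits in the client-server API, "anyone using Matrix" could also be narrowed here to the implementations this document addresses. It lands directly after another `boxes/warning` block, so two warnings now sit back to back ahead of "Types of room events"; check that the rendered page still reads clearly.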