Merge pull request #3099 from matrix-org/travis/spec/MSC2801-untrusted-bodies

Sprinkle some DANGER: UNSAFE warnings over the spec about event bodies
pull/977/head
Travis Ralston 4 years ago committed by Richard van der Hoff
commit d0d6b77053

@ -0,0 +1 @@
Clarify that event bodies are untrusted, as per [MSC2801](https://github.com/matrix-org/matrix-doc/pull/2801).

@ -232,6 +232,18 @@ reserved for events defined in the Matrix specification - for instance
`m.room.message` is the event type for instant messages. Events are `m.room.message` is the event type for instant messages. Events are
usually sent in the context of a "Room". usually sent in the context of a "Room".
{{% boxes/warning %}}
Event bodies are considered untrusted data. This means that any application using
Matrix must validate that the event body is of the expected shape/schema
before using the contents verbatim.
**It is not safe to assume that an event body will have all the expected
fields of the expected types.**
See [MSC2801](https://github.com/matrix-org/matrix-doc/pull/2801) for more
detail on why this assumption is unsafe.
{{% /boxes/warning %}}
### Event Graphs ### Event Graphs
Events exchanged in the context of a room are stored in a directed Events exchanged in the context of a room are stored in a directed
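Review bot: In the added warning box, "must validate that the event body is of the expected shape/schema" does not say what an application should do when validation fails, so implementations are left to choose between dropping the event, ignoring the malformed field, or substituting a default. Consider adding one sentence stating the expected handling. The term "event body" is also not defined in the context shown here; say whether it covers only `content` or every field of the event a client receives.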

@ -1381,6 +1381,18 @@ opaque string. No changes should be required to support the currently
available room versions. available room versions.
{{% /boxes/warning %}} {{% /boxes/warning %}}
{{% boxes/warning %}}
Event bodies are considered untrusted data. This means that any application using
Matrix must validate that the event body is of the expected shape/schema
before using the contents verbatim.
**It is not safe to assume that an event body will have all the expected
fields of the expected types.**
See [MSC2801](https://github.com/matrix-org/matrix-doc/pull/2801) for more
detail on why this assumption is unsafe.
{{% /boxes/warning %}}
### Types of room events ### Types of room events
Room events are split into two categories: Room events are split into two categories:
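Review bot: The warning box added here is a verbatim copy of the one added in the hunk at line 232, so the two copies can drift apart the next time the wording changes. Consider keeping the text in a single shared include, or keeping the full text in one place and reducing the other to a short pointer. It also opens directly after the closing `{{% /boxes/warning %}}` of the preceding warning, so check that two stacked warning boxes still read as separate points in the rendered page.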
