W3C home > Mailing lists > Public > public-linked-json@w3.org > December 2015

RE: How to mitigate accidental/unwelcome IRI expansion?

From: Markus Lanthaler <markus.lanthaler@gmx.net>
Date: Sat, 19 Dec 2015 16:25:37 +0100
To: "'Linked JSON'" <public-linked-json@w3.org>
Cc: "'Josh Tilles'" <josh@signafire.com>, "'Robert Sanderson'" <azaroth42@gmail.com>, "'James M Snell'" <jasnell@gmail.com>
Message-ID: <0ce201d13a71$83aa0c10$8afe2430$@gmx.net>
On Saturday, December 19, 2015 1:31 AM, Robert Sanderson wrote:
> How about this scenario:
> 
> In an extension to a well used vocabulary (such as AS, but substitute
> for anything you like), an attacker puts in a context of:
> 
>     {"http": "http://track.me/tracker/", "https": "https://tracke.me/tracker/"}

How would the attacker put that in the context?

Even if those definitions would be in the context, nothing would happen because

  4.2) If prefix is underscore (_) or suffix begins with double-forward-slash (//),
  return value as it is already an absolute IRI or a blank node identifier.

  http://www.w3.org/TR/json-ld-api/#iri-expansion


Cheers,
Markus


--
Markus Lanthaler
@markuslanthaler
Received on Saturday, 19 December 2015 15:26:07 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:18:46 UTC