MXC sanitising spec is unclear/impossible to apply #1992
Labels
clarification
An area where the expected behaviour is understood, but the spec could do with being more explicit
Comments
richvdh
added
the
clarification
|
This text was added in matrix-org/matrix-spec-proposals#103, ftr |
|
(Apparently Synapse doesn't implement any sanitising anyway: element-hq/synapse#1323) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
and others
https://spec.matrix.org/v1.12/client-server-api/#security-considerations-5 says:
... but it's unclear about where this sanitisation should happen. Should it apply to event bodies? If so, which fields in event bodies? Does it matter what the event type is? What about event types we haven't invented yet? What should happen if we see an event that doesn't match?
In practice, it's pretty much impossible to apply such rules to event bodies (particularly for encrypted events), so I don't think that's what it means. But then, what does it mean?
The text was updated successfully, but these errors were encountered: