Security

Page history last edited by Rob Dolin 14 years, 3 months ago

Below is a rough draft for the Security section of the Activity Streams specs:

 

Since Activity Streams extends Atom, implementing publishers MUST consider the same security concerns as the Atom Syndication Format spec [RFC 4287].

Publishers or Consumers implementing Activity Streams as a stream of public data may also want to consider the potential for unsolicited commercial or malicious content and should take preventative measures to recognize such content and either identify it or not include it in their stream implementations.

Publishers should take reasonable measures to make sure potentially malicious user input, such as cross-site scripting attacks, is not included in the Activity Streams data they publish.

Consumers that re-emit ingested content to end-users MUST take reasonable measures to make sure potentially malicious ingested input is not re-emitted.

Consumers that re-emit ingested content for crawling by search engines should take reasonable measures to limit any use of their site as a Search Engine Optimization loophole. This may include converting untrusted hyperlinks to text or including a rel="nofollow" attribute.
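One way a consumer could apply the two re-emission requirements above, shown as an added example that is not part of the draft spec: ingested HTML is rebuilt as escaped text, http(s) links are kept with rel="nofollow", and every other link is converted to plain text. The names `ReEmitFilter`, `is_web_link` and `sanitize_for_reemit` are hypothetical, and the sample entry is constructed.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

def is_web_link(href):
    # True only for http(s) URLs; javascript:, data: and unparsable hrefs fail.
    try:
        return urlsplit(href.strip()).scheme.lower() in ("http", "https")
    except ValueError:
        return False

class ReEmitFilter(HTMLParser):
    """Rebuilds ingested HTML as escaped text plus nofollow'd http(s) links.
    All other tags and every attribute (onclick, style, ...) are dropped."""
    DROP_CONTENT = {"script", "style"}  # bodies of these are never re-emitted

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip, self.links = [], 0, []

    def handle_starttag(self, tag, attrs):
        if tag in self.DROP_CONTENT:
            self.skip += 1
        elif tag == "a" and not self.skip:
            href = dict(attrs).get("href") or ""
            keep = is_web_link(href)
            self.links.append(keep)  # remember whether </a> must be emitted
            if keep:
                self.out.append('<a href="%s" rel="nofollow">'
                                % escape(href.strip(), quote=True))

    def handle_endtag(self, tag):
        if tag in self.DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag == "a" and self.links and self.links.pop():
            self.out.append("</a>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))  # text is always re-escaped

def sanitize_for_reemit(fragment):
    f = ReEmitFilter()
    f.feed(fragment)
    f.close()
    f.out.extend("</a>" for keep in f.links if keep)  # close dangling links
    return "".join(f.out)

# Constructed sample of an ingested activity entry's HTML content.
SAMPLE = ('<p onclick="x()">Posted <a href="http://example.org/photo/1">a photo</a> '
          '<a href="javascript:alert(1)">click</a><script>alert(2)</script></p>')
```

The filter writes its own `href` and `rel` attributes instead of copying the ingested ones, so nothing from the source markup reaches the output unescaped.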
