@@ -12229,11 +12229,16 @@ <h3>Examples</h3>
1222912229< section id ="security " class ="appendix ">
1223012230 < h3 > Security Considerations</ h3 >
1223112231 < p > See, < a href ="#iana-security "> Security Considerations</ a > in < a href ="#iana-considerations " class ="sectionRef "> </ a > .</ p >
12232+ < p > Future versions of this specification
12233+ may incorporate subresource integrity [[?SRI]] as a means of ensuring that cached and retrieved
12234+ content matches data retrieved from remote servers; see < a href ="https://github.com/w3c/json-ld-syntax/issues/86 "> issue 86</ a > .</ p >
1223212235</ section >
1223312236
1223412237< section id ="privacy " class ="appendix ">
1223512238 < h3 > Privacy Considerations</ h3 >
12236- < p > The retrieval of external contexts can expose the operation of a JSON-LD processor
12239+ < p > The retrieval of external contexts can expose the operation of a JSON-LD processor,
12240+ allow intermediate nodes to fingerprint the client application through introspection of retrieved resources
12241+ (see [[?fingerprinting-guidance]]), and
1223712242 and provide an opportunity for a man-in-the-middle attack.
1223812243 To protect against this, publishers should consider caching remote contexts for future use,
1223912244 or use the < a data-cite ="JSON-LD11-API#dom-jsonldoptions-documentloader "> documentLoader</ a >
@@ -12246,13 +12251,14 @@ <h3>Internationalization Considerations</h3>
1224612251 properly record < a > JSON-LD Values</ a > which are < a > strings</ a > with left-to-right or right-to-left direction indicators.
1224712252 Both JSON-LD and RDF provide a mechanism for specifying the language associated with
1224812253 a string (< a > language-tagged string</ a > ), but do not provide a means of indicating
12249- the direction of the string.</ p >
12254+ the base direction of the string.</ p >
1225012255
1225112256 < p > Unicode provides a mechanism for signaling direction within a string
1225212257 (see < a data-cite ="UAX9 "> Unicode Bidirectional Algorithm</ a > [[UAX9]]),
1225312258 however, when a string has an overall base direction which cannot be determined by the
1225412259 beginning of the string, an external indicator is required,
12255- such as the [[HTML]] < a data-cite ="HTML/dom.html#the-dir-attribute "> dir attribute</ a > .</ p >
12260+ such as the [[HTML]] < a data-cite ="HTML/dom.html#the-dir-attribute "> dir attribute</ a > ,
12261+ which currently has no counterpart for < a > RDF literals</ a > .</ p >
1225612262
1225712263 < p > The issue of properly representing text direction in RDF is not something that
1225812264 this Working Group can handle, as it is a limitation or the core RDF data model.
@@ -12262,7 +12268,9 @@ <h3>Internationalization Considerations</h3>
1226212268 < p > Until a more comprehensive solution can be addressed in a future version of this
1226312269 specification, publishers should consider this issue when representing strings
1226412270 where the text direction of the string cannot otherwise be correctly inferred
12265- based on the content of the string.</ p >
12271+ based on the content of the string.
12272+ See [[?string-meta]] for a discussion best practices for
12273+ identifying language and base direction for strings used on the Web.</ p >
1226612274</ section >
1226712275
1226812276< section class ="appendix informative preserve ">
0 commit comments