Updates to security considerations from N-Quads w3c/rdf-n-quads#19.

gkellogg · gkellogg · commit 40a2a746c0f8 · 2023-03-14T13:59:29.000-07:00
diff --git a/spec/index.html b/spec/index.html
@@ -1306,25 +1306,26 @@ <h2>Security Considerations</h2>
   <p>RDF can express data which is presented to the user, such as RDF Schema labels.
     Applications rendering strings retrieved from untrusted RDF documents,
     or using unescaped characters,
-    SHOULD ensure that malignant strings may not be used to mislead the reader.
+    SHOULD use warnings and other appropriate means to limit the possibility
+    that malignant strings might be used to mislead the reader.
     The security considerations in the media type registration for XML ([[!RFC3023]] section 10)
     provide additional guidance around the expression of arbitrary data and markup.</p>
 
   <p>RDF uses <a>IRIs</a> as term identifiers.
     Applications interpreting data expressed in RDF SHOULD address the security issues of
-    [[[RFC3987]]] [[RFC3987]] Section 8,
-    as well as [[[RFC3986]]] [[RFC3986]] Section 7.</p>
+    [[[!RFC3987]]] [[!RFC3987]] Section 8, as well as
+    [[[!RFC3986]]] [[!RFC3986]] Section 7.</p>
 
   <p>Multiple <a>IRIs</a> may have the same appearance.
-     Characters in different scripts may look similar
-     (a Cyrillic &quot;&#1086;&quot; may appear similar to a Latin &quot;o&quot;).
+     Characters in different scripts may look similar (for instance,
+     a Cyrillic &quot;&#1086;&quot; may appear similar to a Latin &quot;o&quot;).
      A character followed by combining characters may have the same visual representation
-     as another character (LATIN SMALL LETTER "E" followed by COMBINING ACUTE ACCENT
-     has the same visual representation as LATIN SMALL LETTER "E" WITH ACUTE).
+     as another character (for example, LATIN SMALL LETTER "E" followed by COMBINING ACUTE
+     ACCENT has the same visual representation as LATIN SMALL LETTER "E" WITH ACUTE).
      Any person or application that is writing or interpreting data in RDF
      must take care to use the IRI that matches the intended semantics,
      and avoid IRIs that may look similar.
-     Further information about matching of similar characters can be found
+     Further information about matching visually similar characters can be found
      in [[[UNICODE-SECURITY]]] [[UNICODE-SECURITY]] and
      [[[RFC3987]]] [[RFC3987]] Section 8.</p>
 
