wholetrans/docs-matrix-spec
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Clarify that the external_url is unsafe

Browse source
This commit is contained in:
Travis Ralston 2018-08-30 11:07:09 -06:00
parent a48f7b9278
commit 1a3f112337
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
specification/application_service_api.rst
View file

@ -385,3 +385,7 @@ where an HTTP URL may be available to reference.
Clients should provide users with a way to access the ``external_url`` if it Clients should provide users with a way to access the ``external_url`` if it
is present. Clients should additionally ensure the URL has a scheme of ``https`` is present. Clients should additionally ensure the URL has a scheme of ``https``
or ``http`` before making use of it. or ``http`` before making use of it.
The presence of an ``external_url`` on an event does not necessarily mean the
event was sent from an application service. Clients should be wary of the URL
contained within, as it may not be a legitimate reference to the event's source.