From c15690660a0fccd1c5bc5a5ace811a2317434cb0 Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Mon, 5 Apr 2021 20:18:46 -0600 Subject: [PATCH 1/3] Sprinkle some DANGER: UNSAFE warnings over the spec about event bodies Specs [MSC2801](https://github.com/matrix-org/matrix-doc/pull/2801) Based on https://github.com/matrix-org/matrix-doc/pull/3094 --- content/_index.md | 12 ++++++++++++ content/client-server-api/_index.md | 12 ++++++++++++ 2 files changed, 24 insertions(+) diff --git a/content/_index.md b/content/_index.md index 0b82c74af49..d28d5c4b61c 100644 --- a/content/_index.md +++ b/content/_index.md @@ -232,6 +232,18 @@ reserved for events defined in the Matrix specification - for instance `m.room.message` is the event type for instant messages. Events are usually sent in the context of a "Room". +{{% boxes/warning %}} +Event bodies are considered untrusted data. This means that anyone using +Matrix must validate that the event body is of the expected shape/schema +before using the contents verbatim. + +**It is not safe to assume that an event body will have all the expected +fields of the expected types.** + +See [MSC2801](https://github.com/matrix-org/matrix-doc/pull/2801) for more +detail on why this assumption is unsafe. +{{% /boxes/warning %}} + ### Event Graphs Events exchanged in the context of a room are stored in a directed diff --git a/content/client-server-api/_index.md b/content/client-server-api/_index.md index 06d161becc6..adace4f0682 100644 --- a/content/client-server-api/_index.md +++ b/content/client-server-api/_index.md 
@@ -1381,6 +1381,18 @@ opaque string. No changes should be required to support the currently available room versions. {{% /boxes/warning %}} +{{% boxes/warning %}} +Event bodies are considered untrusted data. This means that anyone using +Matrix must validate that the event body is of the expected shape/schema +before using the contents verbatim. + +**It is not safe to assume that an event body will have all the expected +fields of the expected types.** + +See [MSC2801](https://github.com/matrix-org/matrix-doc/pull/2801) for more +detail on why this assumption is unsafe. +{{% /boxes/warning %}} + ### Types of room events Room events are split into two categories: From f3edecf4fb488ace799934ff51bee0ebca62ac51 Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Mon, 5 Apr 2021 20:20:35 -0600 Subject: [PATCH 2/3] Changelog --- changelogs/client_server/newsfragments/3099.clarification | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelogs/client_server/newsfragments/3099.clarification diff --git a/changelogs/client_server/newsfragments/3099.clarification b/changelogs/client_server/newsfragments/3099.clarification new file mode 100644 index 00000000000..0e104a803e9 --- /dev/null +++ b/changelogs/client_server/newsfragments/3099.clarification @@ -0,0 +1 @@ +Clarify that event bodies are untrusted, as per [MSC2801](https://github.com/matrix-org/matrix-doc/pull/2801). \ No newline at end of file From 9135a3275cbeb5e0606bfabd1c3efe1845c52967 Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Tue, 6 Apr 2021 09:59:10 -0600 Subject: [PATCH 3/3] Apply suggestions from code review Co-authored-by: Matthew Hodgson --- content/_index.md | 2 +- content/client-server-api/_index.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/content/_index.md b/content/_index.md index d28d5c4b61c..845fbc9f95c 100644 --- a/content/_index.md +++ b/content/_index.md 
@@ -233,7 +233,7 @@ reserved for events defined in the Matrix specification - for instance usually sent in the context of a "Room". {{% boxes/warning %}} -Event bodies are considered untrusted data. This means that anyone using +Event bodies are considered untrusted data. This means that any application using Matrix must validate that the event body is of the expected shape/schema before using the contents verbatim. diff --git a/content/client-server-api/_index.md b/content/client-server-api/_index.md index adace4f0682..ed4d0399e0f 100644 --- a/content/client-server-api/_index.md +++ b/content/client-server-api/_index.md @@ -1382,7 +1382,7 @@ available room versions. {{% /boxes/warning %}} {{% boxes/warning %}} -Event bodies are considered untrusted data. This means that anyone using +Event bodies are considered untrusted data. This means that any application using Matrix must validate that the event body is of the expected shape/schema before using the contents verbatim.
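Review bot: the warning added to content/_index.md in PATCH 1/3 requires validation "before using the contents verbatim" but never says what an application should do with an event body that fails validation. Add a sentence on the expected handling of a missing or wrongly typed field (for example, whether the event is ignored or the field is treated as absent), since the only pointer given is the MSC2801 link. That link targets the pull request rather than text in the spec, so the warning also depends on the PR staying the canonical reference.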
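Review bot: in the content/client-server-api/_index.md hunk of PATCH 1/3, the new `{{% boxes/warning %}}` opens on the line directly after the `{{% /boxes/warning %}}` that closes the room-versions warning, so two unrelated warnings will render back to back above "### Types of room events". Consider moving the new box below that heading or separating the two with a line of prose. The twelve added lines are also a verbatim copy of the box in content/_index.md, and PATCH 3/3 already had to repeat the same wording fix in both files. If the site's templating allows a shared include, using one would stop the copies from drifting.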
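Review bot: the new file changelogs/client_server/newsfragments/3099.clarification in PATCH 2/3 ends without a trailing newline (the diff shows "\ No newline at end of file"); add one. The series also changes content/_index.md, but the only newsfragment is under changelogs/client_server, so check whether the top-level change needs its own changelog entry.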
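Review bot: in both hunks of PATCH 3/3 the replacement line "Event bodies are considered untrusted data. This means that any application using" is noticeably longer than the other lines of the same paragraph, which are wrapped shorter. Rewrap the paragraph in both files so the wording change does not leave one overlong line.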