diff --git a/index.html b/index.html index a17b5697a..23d9d4668 100644 --- a/index.html +++ b/index.html @@ -6365,7 +6365,7 @@
-It is possible to include data in [=verifiable credentials=] that include +It is possible for data in [=verifiable credentials=] to include executable code or scripting languages. Authors of verifiable credentials are advised to avoid doing so, unless necessary, and the risks have been mitigated to the extent possible. @@ -6376,24 +6376,24 @@
Despite the ability to encode information as HTML, implementers are strongly -discouraged from doing this because it: +discouraged from doing so, for the following reasons:
- +If implementers feel they need to use HTML, or other markup languages capable of containing executable scripts, to address a specific use case, they are advised -to analyze how an attacker would use the markup to mount injection attacks -against a consumer of the markup and then deploy mitigations against the -identified attacks such as running the HTML rendering engine in a sandbox with -no ability to have access to the network. +to analyze how an attacker could use the markup to mount injection attacks +against a consumer of the markup, and then deploy mitigations against the +identified attacks, such as running the HTML rendering engine in a sandbox with +no ability to access the network.
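Review bot: In the first hunk (@@ -6365,7 +6365,7 @@), the unchanged sentence that follows the reworded line, "Authors of verifiable credentials are advised to avoid doing so", no longer has an antecedent for "doing so". The new wording makes the data the subject ("for data in [=verifiable credentials=] to include"), so no author action is named. Suggest rewording the follow-on sentence to name the action, for example "are advised to avoid including such content", and tightening "unless necessary, and the risks have been mitigated" to "unless it is necessary and the risks have been mitigated", so that both conditions clearly apply together.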
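Review bot: In the second hunk (@@ -6376,24 +6376,24 @@), the list lead-in changes from "because it:" to "for the following reasons:", so each list item now has to read as a standalone reason rather than as a verb phrase completing "because it". The items are not visible in this excerpt; please confirm they were reworded to match. In the final paragraph, the only mitigation named is a sandbox "with no ability to access the network", which limits exfiltration but does not stop script in the markup from running or changing what is rendered. Consider stating whether script execution is also expected to be disabled in that sandbox.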