New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possible attack surface with solid:oidcIssuer and relative URLs #212

Closed

RubenVerborgh opened this issue Dec 15, 2022 · 1 comment

RubenVerborgh commented Dec 15, 2022 •

edited

Loading

No description provided.

Member

elf-pavlik commented Dec 19, 2022

I don't think mandating absolute URLs is a viable path, given that Turtle is mandated and that Turtle supports relative URLs.

I think we could mandate that the triple pattern has to be matched using absolute IRIs.

RDF abastact syntax requires IRIs to be absolute

https://www.w3.org/TR/rdf11-concepts/#section-IRIs

IRIs in the RDF abstract syntax MUST be absolute, and MAY contain a fragment identifier.

Whatever application parses the WebID document, it should be able to get the absolute IRIs before matching the pattern.

RubenVerborgh closed this as completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment