5.1 Security Considerations for Implementers

The Html child element of ViewElement (section 2.2.4.51), the Html child element of Notes (section 2.2.4.37), and the EditHtml child element of EditShape (section 2.2.4.28) contain [HTML] fragments. HTML fragments are susceptible to cross-site scripting attacks. Implementers are advised to sanitize these HTML fragments when generating or processing these elements.
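One way to sanitize such a fragment, shown as an added example that is not part of the specification: the fragment is parsed and re-serialized from an allowlist, so anything not explicitly permitted is dropped. The tag, attribute and scheme allowlists and the names `sanitize_fragment`, `FragmentSanitizer` and `clean_url` are assumptions for illustration; the protocol does not define them.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed allowlists for illustration; the protocol does not define them.
ALLOWED_TAGS = {"p", "br", "b", "i", "u", "span", "ul", "ol", "li", "a"}
ALLOWED_ATTRS = {"a": {"href"}}          # every allowed attribute here is a URL
VOID_TAGS = {"br"}
DROP_WITH_CONTENT = {"script", "style", "iframe", "object"}
SAFE_URL = re.compile(r"^(?:https?|mailto):", re.IGNORECASE)

def clean_url(value):
    """Return the URL if its scheme is allowlisted, else None."""
    # Browsers ignore tabs/newlines inside a scheme, so strip them before checking.
    url = "".join(ch for ch in value if ch > " ")
    return url if SAFE_URL.match(url) else None

class FragmentSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside an element dropped with its content

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
        elif not self.skip_depth and tag in ALLOWED_TAGS:
            kept = {}
            for name, value in attrs:  # values arrive with character references decoded
                url = clean_url(value or "")
                if name in ALLOWED_ATTRS.get(tag, ()) and url is not None:
                    kept.setdefault(name, url)  # first duplicate wins, as in browsers
            text = "".join(f' {n}="{escape(v, quote=True)}"' for n, v in kept.items())
            self.out.append(f"<{tag}{text}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))  # text is always re-escaped

def sanitize_fragment(fragment):
    parser = FragmentSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)
```

An unclosed element from `DROP_WITH_CONTENT` causes the rest of the fragment to be discarded, so malformed input fails closed.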

Some operations that specify a change to a presentation, such as DeleteSlide (section 3.1.4.17), are susceptible to cross-site request forgery attacks. Implementers are advised to use a canary<101> to protect these operations against this type of attack.

There are no additional security considerations that are specific to this protocol. General security considerations that pertain to [RFC2822] apply.