Skip to main contentSee: /MRS-Specification-RFC#15-security-considerations
Parsers MUST validate input before processing:
- Maximum document size limits
- Maximum nesting depth limits
- Maximum event count per measure
- Valid Unicode in strings
Denial of Service Protection
Implementations SHOULD protect against:
- Deeply nested structures (stack overflow)
- Very large measure numbers (memory exhaustion)
- Excessive span counts (O(n²) algorithms)
- Malformed UTF-8 sequences
Working Set Envelopes may expose:
- Source document structure (via
:scope)
- Source document hash (for conflict detection)
- Creator/modifier identity (via
:agent-id)
Implementations SHOULD allow redaction of sensitive metadata when sharing working sets externally.