author | John MacFarlane <jgm@berkeley.edu> | 2015-06-04 10:50:22 +0200 |
---|---|---|
committer | John MacFarlane <jgm@berkeley.edu> | 2015-06-04 10:50:22 +0200 |
commit | 02ca8128dea803ac03455e793ee4f33aad89ab58 (patch) | |
tree | 9d9e8c3b93fef590b67176b19d16e98866ffa6d0 | |
parent | 4edf470184bb3220f99d8cdd38597d069cf525ca (diff) |
Require replacement of U+0000. Closes #327.
Previously we said that NULL must be replaced or stripped,
but this was too vague, and stripping might be a security
risk in itself.
-rw-r--r-- | spec.txt | 8 |
1 files changed, 5 insertions, 3 deletions
@@ -215,9 +215,6 @@ followed by a [line ending] or by the end of file. A [line ending](@line-ending) is a newline (`U+000A`), carriage return (`U+000D`), or carriage return + newline. -For security reasons, a conforming parser must strip or replace the -Unicode character `U+0000`. - A line containing no characters, or a line containing only spaces (`U+0020`) or tabs (`U+0009`), is called a [blank line](@blank-line). @@ -269,6 +266,11 @@ Tabs in lines are expanded to spaces, with a tab stop of 4 characters: </code></pre> . +## Insecure characters + +For security reasons, the Unicode character `U+0000` must be replaced +with the replacement character (`U+FFFD`). + # Blocks and inlines We can think of a document as a sequence of |
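Review bot: in the first hunk (@@ -215,9 +215,6), removing the sentence leaves the line-ending and blank-line definitions with no mention of `U+0000` at all, and the requirement now appears only after the tab-expansion section. Someone implementing line splitting from this part of the spec will not see it. Consider keeping a one-line pointer here to the new "Insecure characters" section.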
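Review bot: in the second hunk (@@ -269,6 +266,11), the new "must be replaced" sentence drops the subject the old text had ("a conforming parser") and does not say at what stage the replacement happens, for example on the raw input before line splitting and tab expansion, or on the rendered output. Since the commit message says "strip or replace" was too vague, it would help to name the actor and the stage explicitly. The section also adds no example in the `.`-delimited form the preceding tab section ends with, so the rule is not covered by the spec tests. The heading "Insecure characters" is plural while only one character is listed.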