From 02ca8128dea803ac03455e793ee4f33aad89ab58 Mon Sep 17 00:00:00 2001 From: John MacFarlane Date: Thu, 4 Jun 2015 10:50:22 +0200 Subject: Require replacement of U+0000. Closes #327. Previously we said that NULL must be replaced or stripped, but this was too vague, and stripping might be a security risk in itself. --- spec.txt | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/spec.txt b/spec.txt index b9a1cec..c619e9c 100644 --- a/spec.txt +++ b/spec.txt @@ -215,9 +215,6 @@ followed by a [line ending] or by the end of file. A [line ending](@line-ending) is a newline (`U+000A`), carriage return (`U+000D`), or carriage return + newline. -For security reasons, a conforming parser must strip or replace the -Unicode character `U+0000`. - A line containing no characters, or a line containing only spaces (`U+0020`) or tabs (`U+0009`), is called a [blank line](@blank-line). @@ -269,6 +266,11 @@ Tabs in lines are expanded to spaces, with a tab stop of 4 characters: . +## Insecure characters + +For security reasons, the Unicode character `U+0000` must be replaced +with the replacement character (`U+FFFD`). + # Blocks and inlines We can think of a document as a sequence of -- cgit v1.2.3
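Review bot: The new "Insecure characters" section in the second hunk states the rule in the passive ("must be replaced") and no longer names who is bound by it, whereas the removed sentence in the first hunk said "a conforming parser must strip or replace". I would keep that subject, for example "a conforming parser must replace the Unicode character `U+0000` with the replacement character (`U+FFFD`)". The commit message gives the reason for the change (stripping might be a security risk in itself), but the spec text does not say that stripping is no longer conforming. A reader who only sees "must be replaced" may not realise that dropping the character is ruled out, so a short clause to that effect would help. The section also adds no spec example, so nothing in the visible change exercises the requirement. An input line containing `U+0000` with the expected output showing `U+FFFD` would let implementations check it.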