Whilst reviewing the current draft, I noticed that there wasn't a security considerations section, despite discovery absolutely having security considerations.
One example I can think of is any sort of UGC site that allows using <a> in user content, and if this can be abused. Another might be cases of redirection exhaustion when resolving discovery links. There was a note about cross-domain, which could probably be highlighted in those considerations.
It's probably also worth adding an explicit "Safety Considerations", i.e., misattribution or misdirection (e.g., pretending one thing is the same as another when it's not).