Sprinkle some DANGER: UNSAFE warnings over the spec about event bodies

turt2live · richvdh · commit 30f37f1e6693 · 2021-08-27T19:17:10.000+01:00
Specs [MSC2801](#2801) Based on #3094
diff --git a/content/_index.md b/content/_index.md
@@ -232,6 +232,18 @@ reserved for events defined in the Matrix specification - for instance
 `m.room.message` is the event type for instant messages. Events are
 usually sent in the context of a "Room".
 
+{{% boxes/warning %}}
+Event bodies are considered untrusted data. This means that anyone using
+Matrix must validate that the event body is of the expected shape/schema
+before using the contents verbatim.
+
+**It is not safe to assume that an event body will have all the expected
+fields of the expected types.**
+
+See [MSC2801](https://github.com/matrix-org/matrix-doc/pull/2801) for more
+detail on why this assumption is unsafe.
+{{% /boxes/warning %}}
+
 ### Event Graphs
 
 Events exchanged in the context of a room are stored in a directed
diff --git a/content/client-server-api/_index.md b/content/client-server-api/_index.md
@@ -1381,6 +1381,18 @@ opaque string. No changes should be required to support the currently
 available room versions.
 {{% /boxes/warning %}}
 
+{{% boxes/warning %}}
+Event bodies are considered untrusted data. This means that anyone using
+Matrix must validate that the event body is of the expected shape/schema
+before using the contents verbatim.
+
+**It is not safe to assume that an event body will have all the expected
+fields of the expected types.**
+
+See [MSC2801](https://github.com/matrix-org/matrix-doc/pull/2801) for more
+detail on why this assumption is unsafe.
+{{% /boxes/warning %}}
+
 ### Types of room events
 
 Room events are split into two categories:
