Merge pull request #2337 from w3c/symb-link-warning-issue-2322

Adding reference to symbolic links to the threat models (issue 2322)

epub33/core/index.html

@@ -9341,7 +9341,10 @@ <h3>Threat model</h3>
 					<dd>
 						<p>Resources embedded in the EPUB container are not immune to malicious actors, especially when
 							EPUB publications are obtained from untrusted sources. Resources may contain exploits or
-							forms may submit sensitive information to unintended parties.</p>
+							forms that may submit sensitive information to unintended parties.
+							Such actors may also try to gain access to [=remote resources=] using file indirection techniques,
+							such as symbolic links or file aliases.
+						</p>
 						<p>The use of third-party content, such as games and quizzes, may also lead to security and
 							privacy issues if the EPUB creator is not able to fully vet the content.</p>
 					</dd>

epub33/rs/index.html

@@ -2248,8 +2248,12 @@ <h3>Threat model</h3>
 
 					<dt>Malicious content</dt>
 					<dd>
-						<p>EPUB publications may contain resources designed to exploit security flaws in reading systems
-							or the operating systems they run on.</p>
+						<p>
+							EPUB publications may contain resources designed to exploit security flaws in reading systems
+							or the operating systems they run on. Attackers may also try to gain access to
+							[=remote resources=] using file indirection techniques, such as symbolic links or 
+							file aliases.
+						</p>
 						<p>The lack of a standard method of signing EPUB publications means that reading systems cannot
 							always verify whether the content has been tampered with between authoring and loading in
 							the device.</p>