2017-11-28 UTC
# 
aaronpk PROPOSED: Drop the at-risk limitation of <link> discovery restricted to the <head>, and add a security consideration saying that user-generated content on pages advertising a hub should be sanitized to remove <link> tags. Replace the at-risk sentence with a "note" that since <link> has been limited to the <head> for many years, consuming code might only check the <head> so it is more robust to place the