JavaScript alert on

29 Nov, 2011 12:51 PM

As in the Subject. While visiting the mentioned site (yajl-ruby readme), I was greeted by a JavaScript alert (with "hi!" contents). The source part of the problem:


``` html
```

On GitHub it works well. I am not sure if it's a README or yard problem.

  1. Support Staff 1 Posted by lsegal on 29 Nov, 2011 04:40 PM

    Actually this is an expected (but unfortunate) feature of markdown formatting. Markdown allows the use of HTML tags, including script, apparently. The reason this shows up unformatted on rubydoc but not GitHub is that the README is using GitHub-specific markdown formatting but did not enable it on, so it's not being recognized as a codeblock on the site, and therefore parsed as HTML. It's possible that we could start manually sanitizing script tags from all formatted HTML, but I'd rather not have to do this, as we should be able to trust our library authors to use their powers responsibly.

  2. 2 Posted by Ernest on 30 Nov, 2011 05:36 PM

  3. lsegal closed this discussion on 20 Mar, 2013 06:55 PM.
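
The cause described in lsegal's reply, as an added example (not code from YARD, the documentation site or this thread): a pre-processing pass that HTML-escapes GitHub-style fenced blocks before a Markdown renderer without fence support sees them, and reports raw `<script` tags left outside any fence. The helper `neutralize_fences` and the sample README are hypothetical and constructed for illustration.

```ruby
# Constructed sample README (not from the thread): a GitHub-style fenced
# block meant as example code, plus one raw tag outside any fence.
SAMPLE_README = <<~'MD'
  # Demo

  ``` html
  <script>alert("hi!")</script>
  ```

  Prose with a raw <script>alert("hi!")</script> tag.
MD

# Opening/closing fence line: up to 3 spaces, 3+ backticks, optional language.
FENCE = /\A\s{0,3}(`{3,})\s*([\w+-]*)\s*\z/
ENTITIES = { "&" => "&amp;", "<" => "&lt;", ">" => "&gt;",
             '"' => "&quot;", "'" => "&#39;" }.freeze

def escape_html(text)
  text.gsub(/[&<>"']/, ENTITIES)
end

# Hypothetical helper: turns fenced blocks into entity-escaped <pre><code>
# so their contents can no longer be parsed as HTML tags downstream.
# Returns [converted_text, line_numbers_with_raw_script_tags_outside_fences].
def neutralize_fences(markdown)
  out = []
  flagged = []
  open_fence = nil
  markdown.each_line(chomp: true).with_index(1) do |line, number|
    m = FENCE.match(line)
    if open_fence.nil? && m
      open_fence = m[1]
      out << %(<pre><code class="#{escape_html(m[2])}">)
    elsif open_fence && m && m[2].empty? && m[1].length >= open_fence.length
      open_fence = nil
      out << "</code></pre>"
    elsif open_fence
      out << escape_html(line)           # inside a fence: always inert text
    else
      flagged << number if line =~ /<script\b/i
      out << line                        # outside a fence: left for review
    end
  end
  out << "</code></pre>" if open_fence   # unclosed fence: close it, stay escaped
  [out.join("\n"), flagged]
end
```

Flagging `<script` only surfaces the case from this thread; raw HTML in Markdown can carry script in other ways, so a site that does not trust its README authors needs an allowlist HTML sanitizer on the rendered output.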
