JavaScript allert on http://rubydoc.info/gems/yajl-ruby/1.1.0/frames
As in the Subject. While visiting mentioned site (yajl-ruby radme), I was greet by JavaScript alert (with "hi!" contents). The source part of the problem:
```
``` html
``````
On github it works well. I am not sure if it's README or yard problem..
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by lsegal on 29 Nov, 2011 04:40 PM
Actually this is an expected (but unfortunate) feature of markdown formatting. Markdown allows the use of html tags, including script, apparently. The reason this shows up unformatted on rubydoc but not github is that the README is using Github specific markdown formatting but did not enable it on rubydoc.info, so it's not being recognized as a codeblock on the site, and therefore parsed as HTML. It's possible that we could start manually sanitizing script tags from all formatted html, but I'd rather not have to do this, as we should be able to trust our library authors to use their powers responsibly.
2 Posted by Ernest on 30 Nov, 2011 05:36 PM
I posted an issue on Github: https://github.com/brianmario/yajl-ruby/issues/91
lsegal closed this discussion on 20 Mar, 2013 06:55 PM.