-
Notifications
You must be signed in to change notification settings - Fork 12.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
rustdoc
should escape <>
#18419
Comments
I don't think this is a good idea, including inline HTML is legitimate. Maybe a rustdoc warning might be good, but just escaping everything entirely seems unfortunate. |
In this sort of case, |
@huonw should we really assume Rustdoc will only even support outputting html? It already supports outputting json for other tools, what if such tools do not support html? |
Inline HTML is part of "the" markdown spec (to be specific, the commonmark spec), so as long as rustdoc uses markdown it seems that it should support this. I'm not too fussed either way, but it's how markdown is. (rustdoc doesn't currently use that spec, but there is interest in switching to it.) |
I don’t think that producing arbitrary or invalid html is a good idea. This could easily backfire if one would decide to include some more sophisticated documentation on crates.io or elsewhere. I’m just saying |
Even if rustdoc protected against this specific instance, I wouldn't rely on it being trustworthy to avoid XSS (etc.) in the face of a malicious attacker, meaning a doc hosting service should always serve the rendered docs on a credential-less domain. (e.g. like the github.com vs. github.io split.) |
@huonw It should still be addressed. |
I don't personally think Improvements we could possibly make (off the top of my head) are:
I guess these may be quite hard (doing it properly would give I'm willing to be convinced that rustdoc should completely ignore this aspect of the commonmark spec, but, it would take some convincing (more than the objections to it mentioned so far :) )... at the very least, supporting no HTML ever does diverge from many of the most popular installations of markdown, e.g. github and stackexchange both support subsets of inline HTML. |
One more objection would be the backward-compatiblity Rust wants to achieve. Make a sensible restriction for some subsets of HTML (such as |
Triage: no change. still unsure if this is a thing we'll actually do, but maybe. |
Today it probably runs into the backward-compatiblity problems described above. |
Then maybe resolving the issue? I personally prefer to keep Rustdoc CommonMark-compatible. |
Indeed. |
fix: Put leading `|` in patterns under `OrPat`
For an example where this is necessary, see the docs for
StrInterner
: The generated HTML code looks like this:<p>A StrInterner differs from Interner<String> in that it accepts &str rather than RcStr, resulting in less allocation.</p>
The text was updated successfully, but these errors were encountered: