author | Titus Wormer <tituswormer@gmail.com> | 2022-09-09 18:18:06 +0200 |
---|---|---|
committer | Titus Wormer <tituswormer@gmail.com> | 2022-09-09 18:18:06 +0200 |
commit | 1c9f0b21ac1bef17737731c2bb29d1d8dd98b2f3 (patch) | |
tree | b8afc57ac96b73be18e091a36dfaeba3916ef34f | |
parent | 231eebe98db853668ebfc83581df9148f4aa7645 (diff) | |
Add section on syntax errors to readme
-rw-r--r-- | readme.md | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -388,6 +388,14 @@ dangerous protocols are used, as it encodes or drops them. Turning on the `allow_dangerous_html` or `allow_dangerous_protocol` options for user-provided markdown opens you up to XSS attacks. +An aspect related to XSS for security is syntax errors: markdown itself has no +syntax errors. +Some syntax extensions (specifically, only MDX) do include syntax errors. +For that reason, `micromark_with_options` returns `Result<(), String>`, of which +the error is a simple string indicating where the problem happened, what +occurred, and what was expected instead. +Make sure to handle your errors when using MDX. + Another security aspect is DDoS attacks. For example, an attacker could throw a 100mb file at micromark, in which case it’s going to take a long while to finish. |
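Review bot: In the added sentence stating that `micromark_with_options` returns `Result<(), String>`, the success type is given as `()`, which should be checked against the function's actual signature; if the `Ok` value carries the compiled output, the readme should name that type instead. The opening added line ("An aspect related to XSS for security is syntax errors") also does not say what the security consequence is, so "Make sure to handle your errors when using MDX" leaves the reader guessing what to guard against. Consider stating the concrete concern for user-provided MDX, for example that the `Err` must be matched rather than unwrapped, and whether the error string (which reports where the problem happened and what was expected) is meant to be shown to end users.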