aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLibravatar Titus Wormer <tituswormer@gmail.com>2022-09-09 18:18:06 +0200
committerLibravatar Titus Wormer <tituswormer@gmail.com>2022-09-09 18:18:06 +0200
commit1c9f0b21ac1bef17737731c2bb29d1d8dd98b2f3 (patch)
treeb8afc57ac96b73be18e091a36dfaeba3916ef34f
parent231eebe98db853668ebfc83581df9148f4aa7645 (diff)
downloadmarkdown-rs-1c9f0b21ac1bef17737731c2bb29d1d8dd98b2f3.tar.gz
markdown-rs-1c9f0b21ac1bef17737731c2bb29d1d8dd98b2f3.tar.bz2
markdown-rs-1c9f0b21ac1bef17737731c2bb29d1d8dd98b2f3.zip
Add section on syntax errors to readme
-rw-r--r--readme.md8
1 files changed, 8 insertions, 0 deletions
diff --git a/readme.md b/readme.md
index 5d4038d..ac22d1c 100644
--- a/readme.md
+++ b/readme.md
@@ -388,6 +388,14 @@ dangerous protocols are used, as it encodes or drops them.
Turning on the `allow_dangerous_html` or `allow_dangerous_protocol` options for
user-provided markdown opens you up to XSS attacks.
+An aspect related to XSS for security is syntax errors: markdown itself has no
+syntax errors.
+Some syntax extensions (specifically, only MDX) do include syntax errors.
+For that reason, `micromark_with_options` returns `Result<(), String>`, of which
+the error is a simple string indicating where the problem happened, what
+occurred, and what was expected instead.
+Make sure to handle your errors when using MDX.
+
Another security aspect is DDoS attacks.
For example, an attacker could throw a 100mb file at micromark, in which case
it’s going to take a long while to finish.