Add section on syntax errors to readme

author: Titus Wormer <tituswormer@gmail.com> 2022-09-09 18:18:06 +0200
committer: Titus Wormer <tituswormer@gmail.com> 2022-09-09 18:18:06 +0200
commit: 1c9f0b21ac1bef17737731c2bb29d1d8dd98b2f3 (patch)
tree: b8afc57ac96b73be18e091a36dfaeba3916ef34f /readme.md
parent: 231eebe98db853668ebfc83581df9148f4aa7645 (diff)
download: markdown-rs-1c9f0b21ac1bef17737731c2bb29d1d8dd98b2f3.tar.gz
markdown-rs-1c9f0b21ac1bef17737731c2bb29d1d8dd98b2f3.tar.bz2
markdown-rs-1c9f0b21ac1bef17737731c2bb29d1d8dd98b2f3.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/readme.md b/readme.md
index 5d4038d..ac22d1c 100644
--- a/readme.md
+++ b/readme.md
@@ -388,6 +388,14 @@ dangerous protocols are used, as it encodes or drops them.
 Turning on the `allow_dangerous_html` or `allow_dangerous_protocol` options for
 user-provided markdown opens you up to XSS attacks.
 
+An aspect related to XSS for security is syntax errors: markdown itself has no
+syntax errors.
+Some syntax extensions (specifically, only MDX) do include syntax errors.
+For that reason, `micromark_with_options` returns `Result<(), String>`, of which
+the error is a simple string indicating where the problem happened, what
+occurred, and what was expected instead.
+Make sure to handle your errors when using MDX.
+
 Another security aspect is DDoS attacks.
 For example, an attacker could throw a 100mb file at micromark, in which case
 it’s going to take a long while to finish.
author	Titus Wormer <tituswormer@gmail.com>	2022-09-09 18:18:06 +0200
committer	Titus Wormer <tituswormer@gmail.com>	2022-09-09 18:18:06 +0200
commit	1c9f0b21ac1bef17737731c2bb29d1d8dd98b2f3 (patch)
tree	b8afc57ac96b73be18e091a36dfaeba3916ef34f /readme.md
parent	231eebe98db853668ebfc83581df9148f4aa7645 (diff)
download	markdown-rs-1c9f0b21ac1bef17737731c2bb29d1d8dd98b2f3.tar.gz markdown-rs-1c9f0b21ac1bef17737731c2bb29d1d8dd98b2f3.tar.bz2 markdown-rs-1c9f0b21ac1bef17737731c2bb29d1d8dd98b2f3.zip