oliver-sanders
commented
2 years ago Note we have since changed markdown parser. Need to check the code to see whether we have any markdown parsing which isn't going through this interface.
Open oliver-sanders opened 2 years ago
oliver-sanders
commented
2 years ago Note we have since changed markdown parser. Need to check the code to see whether we have any markdown parsing which isn't going through this interface.
We are internally processing markdown for mutations.
We then inject this HTML code into the relevant component dynamically.
Security scanners don't like this as it looks like potential code injection. There is another way that is slightly nicer to use an intermediate component.
_Originally posted by @wxtim in https://github.com/cylc/cylc-ui/pull/874#discussion_r782035652_