safe-markdown

This rule ensures that markdown strings (mostly descriptions) do not contain unsafe operations like script tags or eval() constructs.

Rule Details

Unsafe constructs embedded in markdown strings can pose security risks: documentation tools typically render description fields as HTML, so an embedded script tag or eval() construct can end up executing in the reader's browser.

The safe-markdown rule is designed to ensure that markdown strings, primarily used in descriptions, do not contain unsafe operations such as script tags or eval() constructs.

Configuration

None.

Examples

Good.

components:
  schemas:
    User:
      type: object
      description: "This object represents a user in the system."

Bad.

components:
  schemas:
    User:
      type: object
      description: "This object represents a user in the system. <script>alert('Unsafe')</script>"
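The following is an added example (not the linter's own implementation) of the check this rule performs: it walks a parsed OpenAPI document, inspects every `description` string, and reports the JSON pointer of each field that contains a script tag or an eval() construct. The sample documents are the Good and Bad examples above, constructed inline as JavaScript objects; the pattern names and the `findUnsafeMarkdown` function are assumptions of this example.

```javascript
// Added example: a minimal "safe-markdown" style checker for OpenAPI documents.
// It is not the linter's own code; it demonstrates the kind of scan the rule does.

// Constructs the rule treats as unsafe inside description strings.
const UNSAFE_PATTERNS = [
  { name: "script-tag", re: /<\s*script\b/i }, // opening <script ...> tag
  { name: "eval-call", re: /\beval\s*\(/ }, // eval(...) construct
];

// Escape a key for use in a JSON pointer (RFC 6901).
function escapePointer(key) {
  return key.replace(/~/g, "~0").replace(/\//g, "~1");
}

// Walk the document and return one finding per unsafe pattern per description field.
function findUnsafeMarkdown(doc) {
  const findings = [];
  const walk = (node, path) => {
    if (Array.isArray(node)) {
      node.forEach((item, i) => walk(item, `${path}/${i}`));
    } else if (node && typeof node === "object") {
      for (const [key, value] of Object.entries(node)) {
        const childPath = `${path}/${escapePointer(key)}`;
        if (key === "description" && typeof value === "string") {
          for (const { name, re } of UNSAFE_PATTERNS) {
            if (re.test(value)) findings.push({ path: childPath, pattern: name });
          }
        } else {
          walk(value, childPath);
        }
      }
    }
  };
  walk(doc, "");
  return findings;
}

// Constructed sample documents mirroring the Good and Bad examples on this page.
const goodDoc = {
  components: {
    schemas: {
      User: {
        type: "object",
        description: "This object represents a user in the system.",
      },
    },
  },
};

const badDoc = {
  components: {
    schemas: {
      User: {
        type: "object",
        description:
          "This object represents a user in the system. <script>alert('Unsafe')</script>",
      },
    },
  },
};

// Stand-alone usage: print findings for both samples.
console.log("good:", findUnsafeMarkdown(goodDoc)); // []
console.log("bad:", findUnsafeMarkdown(badDoc)); // one script-tag finding at /components/schemas/User/description

module.exports = { findUnsafeMarkdown, goodDoc, badDoc, UNSAFE_PATTERNS };
```

The checker reports a JSON pointer for each finding so that a linter can point the author at the exact field to fix; extending `UNSAFE_PATTERNS` is how additional constructs would be covered.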

When Not to Use It

We recommend always enabling this rule.

Compatibility

This rule is compatible with all OpenAPI 3.x versions.
