Anypoint Best Practices
no-eval-in-markdown
Guidance
This rule protects against cross-site scripting (XSS) attacks that can occur when you include description
documents from third parties and render the parsed content as HTML/JS. If one of those third parties
injects something like `eval()` JavaScript statements, it could lead to an XSS attack.
Message
Do not use `eval()` in markdown.
Examples
valid
#%RAML 1.0
title: ANG Governance xAPI
description: ANG Governance xAPI
invalid
#%RAML 1.0
title: ANG Governance xAPI
description: ANG Governance xAPI eval(...)
Applies to WebAPI
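
The check described above can be sketched as a walk over a parsed API specification that reports every markdown-bearing field containing an `eval(` call. This is an added example, not the ruleset's own implementation: the field list (`description`, `title`), the pattern, the function name and the sample specs are assumptions constructed for illustration.

```javascript
// Added example (not the Anypoint ruleset's code).
// Assumption: markdown can appear in "description" and "title" fields.
const MARKDOWN_FIELDS = new Set(["description", "title"]);
// Matches eval( as a call; \b avoids words that merely end in "eval".
const EVAL_CALL = /\beval\s*\(/;

// Recursively walk a parsed spec and collect the paths of offending fields.
function findEvalInMarkdown(node, path = "$", findings = []) {
  if (Array.isArray(node)) {
    node.forEach((item, i) => findEvalInMarkdown(item, `${path}[${i}]`, findings));
  } else if (node !== null && typeof node === "object") {
    for (const [key, value] of Object.entries(node)) {
      const childPath = `${path}.${key}`;
      if (typeof value === "string") {
        if (MARKDOWN_FIELDS.has(key) && EVAL_CALL.test(value)) {
          findings.push(childPath);
        }
      } else {
        findEvalInMarkdown(value, childPath, findings);
      }
    }
  }
  return findings;
}

// Constructed inputs: the page's valid and invalid examples as parsed objects.
const validSpec = { title: "ANG Governance xAPI", description: "ANG Governance xAPI" };
const invalidSpec = { title: "ANG Governance xAPI", description: "ANG Governance xAPI eval(...)" };

// Constructed input: a third-party description nested deeper in the spec.
const nestedSpec = {
  title: "Orders API",
  description: "A medieval( themed description is not a call to eval",
  "/orders": {
    get: {
      description: "List orders",
      responses: { 200: { description: "OK <img src=x onerror=eval(name)>" } },
    },
  },
};

console.log(findEvalInMarkdown(validSpec));   // no findings
console.log(findEvalInMarkdown(invalidSpec)); // top-level description flagged
console.log(findEvalInMarkdown(nestedSpec));  // nested response description flagged
```

Running a check like this at governance time complements, but does not replace, sanitizing the rendered markdown output.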