Anypoint Best Practices

(14 reviews)

no-script-tags-in-markdown

general > no-script-tags-in-markdown

Guidance

This rule protects against a potential exploit, that can occur when you add description documents from third parties then
generate HTML documentation. If one of those third parties does something like inject `<script>` tags, they
could easily execute arbitrary code on your domain.

Message

Do not use script tags in markdown

Examples

valid

#%RAML 1.0
title: ANG Governance xAPI
description: ANG Governance xAPI

invalid

#%RAML 1.0
title: ANG Governance xAPI
description: ANG Governance xAPI <script>

Applies to WebAPI

Constraint

Type: Declarative Validation

Reviews

Asset overview
Type	Ruleset
Organization	MuleSoft
Published by	MuleSoft Organization
Published on	Dec 11, 2023

Asset versions for 1.6.x

Asset versions
Version	Actions
1.6.1
1.6.0