Anypoint Best Practices
no-script-tags-in-markdown
general > no-script-tags-in-markdown
Guidance
This rule protects against a potential exploit, that can occur when you add description documents from third parties then
generate HTML documentation. If one of those third parties does something like inject `<script>` tags, they
could easily execute arbitrary code on your domain.
Message
Do not use script tags in markdown
Examples
valid
#%RAML 1.0
title: ANG Governance xAPI
description: ANG Governance xAPI
invalid
#%RAML 1.0
title: ANG Governance xAPI
description: ANG Governance xAPI <script>
Applies to WebAPI