HTML in new Markdown Readme file seems broken

HTML on the new Markdown Readme files used to document projects was working but seems to have broken now. Example of issues: https://studio.edgeimpulse.com/studio/53271

Hey @acelisalas Yeah we restricted the use of HTML tags in Markdown until we’ve re-enabled our Content Security Policy headers again so we don’t accidentally allow people to run `<script>` tags from random projects.

ok thanks for the clarification :slight_smile: ! @janjongboom

Gave it some thought with the rest of the Studio team, and we’ll not be reinstantiating HTML support here, and rather just stick to plain Markdown. Main reasons:

  1. Sanitizing HTML is really hard.
  2. We have CSP headers so you can’t inject scripts if we don’t sanitize well, but we’ve had issues where CSP had to be temporarily disabled - allowing for vulnerabilities to sneak through.
  3. Hosting iframes can be used to start downloading malware when someone visits a project page, which will look like it comes from Edge Impulse.

I saw that you moved all the videos to a secondary page on GitHub Pages, which seems like a good idea.

2 Likes
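The "plain Markdown only" approach from the post above, sketched as an added example that is not part of the thread and not Edge Impulse's code: every line is HTML-escaped before any Markdown is interpreted, so no sanitizer allowlist is needed and `<script>` or `<iframe>` in a README comes out as inert text. The Markdown subset, the link-scheme allowlist, the function names and the sample README are assumptions.

```javascript
// Added example: a Markdown subset rendered with raw HTML treated as text.
// The subset (headings, bold, inline code, links) and all names are assumptions.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Allowlist of link schemes; anything else (javascript:, data:, ...) is
// rejected and the link is rendered as its plain label.
function safeHref(url) {
  return /^(https?:\/\/|mailto:)/i.test(url) ? url : null;
}

function renderInline(escaped) {
  return escaped
    .replace(/`([^`]+)`/g, "<code>$1</code>")
    .replace(/\*\*([^*]+)\*\*/g, "<strong>$1</strong>")
    .replace(/\[([^\]]+)\]\(([^)\s]+)\)/g, (match, label, url) => {
      const href = safeHref(url);
      return href ? `<a href="${href}" rel="noopener noreferrer">${label}</a>` : label;
    });
}

function renderMarkdown(source) {
  return source.split(/\r?\n/).map((line) => {
    const escaped = escapeHtml(line); // escape first: no tag from the input survives
    const h = /^(#{1,6})\s+(.*)$/.exec(escaped);
    if (h) return `<h${h[1].length}>${renderInline(h[2])}</h${h[1].length}>`;
    return escaped.trim() === "" ? "" : `<p>${renderInline(escaped)}</p>`;
  }).join("\n");
}

// Constructed sample README, not taken from any real project.
const sample = [
  "# Demo project",
  'Video: <iframe src="https://example.invalid/v"></iframe>',
  "<script>alert(1)</script>",
  "[docs](https://example.invalid/docs) and [bad](javascript:void0)",
].join("\n");

console.log(renderMarkdown(sample));
```

Because the only tags in the output are the ones the renderer itself emits, the result stays safe even while a CSP header is switched off.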

Thanks for the detailed explanation @janjongboom, all clear!