HTML on the new Markdown Readme files used to document projects was working but seems to have broken now. Example of issues: https://studio.edgeimpulse.com/studio/53271
Hey @acelisalas Yeah we restricted the use of HTML tags in Markdown until we’ve re-enabled our Content Security Policy headers again so we don’t accidentally allow people to run
<script> tags from random projects.
ok thanks for the clarification ! @janjongboom
Gave it some thought with the rest of the Studio team, and we’ll not be reinstantiating HTML support here, and rather just stick to plain Markdown. Main reasons:
- Sanitizing HTML is really hard.
- We have CSP headers so you can’t inject scripts if we don’t sanitize well, but we’ve had issues where CSP had to be temporarily be disabled - allowing for vulnerabilities to sneak through.
- Hosting iframe’s can be used to start downloading malware when someone visits a project page, which will look like it comes from Edge Impulse.
I saw that you moved all the videos to a secondary page on GitHub Pages, which seems like a good idea.
thanks for the detailed explanation @janjongboom, all clear!.