103 points | by joshka 2 days ago ago
4 comments
Completely appalled to learn that docs.rs lets you inject any html/css/js you want into the live site (on pages documenting your crate). I love the flexibility but shudder at the security hole the size of, oh, I don’t know, the Grand Canyon.
It’s not a new discovery, I just didn’t know docs.rs (intentionally) wasn’t blocking this. Cf https://docs.rs/pwnies/0.0.13/pwnies/
How have other doc providers handled multilingual code highlighting at scale?
Also, seems clever to use custom elements to reduce `<span class="highlight-whatever">` to `<a-k>`.
this looks like a truly amazing piece of work. props to the author for doing a very thorough job.
Amos is horrifyingly productive!
Completely appalled to learn that docs.rs lets you inject any html/css/js you want into the live site (on pages documenting your crate). I love the flexibility but shudder at the security hole the size of, oh, I don’t know, the Grand Canyon.
It’s not a new discovery, I just didn’t know docs.rs (intentionally) wasn’t blocking this. Cf https://docs.rs/pwnies/0.0.13/pwnies/
How have other doc providers handled multilingual code highlighting at scale?
Also, seems clever to use custom elements to reduce `<span class="highlight-whatever">` to `<a-k>`.
this looks like a truly amazing piece of work. props to the author for doing a very thorough job.
Amos is horrifyingly productive!