Make note of possible XSS in Rustdoc

steveklabnik · steveklabnik · commit 3ca83a79bf6f · 2015-04-16T23:50:12.000-04:00
Fixes #24160
diff --git a/src/doc/trpl/documentation.md b/src/doc/trpl/documentation.md
@@ -560,3 +560,13 @@ This sets a few different options, with a logo, favicon, and a root URL.
 - `--html-before-content FILE`: includes the contents of FILE directly after
   `<body>`, before the rendered content (including the search bar).
 - `--html-after-content FILE`: includes the contents of FILE after all the rendered content.
+
+## Security note
+
+The Markdown in documentation comments is placed without processing into
+the final webpage. Be careful with literal HTML:
+
+```rust
+/// <script>alert(document.cookie)</script>
+# fn foo() {}
+```
