microsoft/sarif-sdk

[RULE REQUEST] Flag HTML in markdown

michaelcfanning opened this issue · 2 comments

The SARIF spec is quite clear that producers shouldn't emit HTML and that producers should be extremely wary of its inclusion.

Static Analysis Results Interchange Format (SARIF) Version 2.1.0 (oasis-open.org)

We should update our validator to raise an error on detecting any HTML constructs in markdown message properties.

@cfaucon

Don't flag escaped HTML though.

Use the \<kbd\> tag.

```HTML
<p>Press <kbd>Enter</kbd> when finished.</p>
```

Very good call-out.
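
A sketch of the check requested in this issue, as an added example that is not part of the thread and not sarif-sdk code: it walks a parsed SARIF log, reports raw HTML tags found in any `markdown` property, and skips backslash-escaped tags, character entities, and code spans or fences. The function names, the tag regex and the sample log are assumptions constructed for illustration.

```python
import json
import re

# Fenced blocks and inline code spans render literally, so mask them before scanning.
_CODE = re.compile(r"```.*?```|`[^`\n]*`", re.DOTALL)
# Raw tag: '<' not preceded by a backslash, optional '/', a tag name, optional
# attributes, then '>'. Autolinks such as <https://...> do not match because
# ':' cannot follow the tag name. (Assumed heuristic, not a full HTML parser.)
_TAG = re.compile(r"(?<!\\)</?[A-Za-z][A-Za-z0-9-]*(?:\s[^<>]*)?/?>")

def find_raw_html(markdown):
    """Return the raw HTML tags in a markdown string, ignoring escaped tags and code."""
    masked = _CODE.sub(lambda m: " " * len(m.group()), markdown)
    return [m.group() for m in _TAG.finditer(masked)]

def check_sarif(node, path="$"):
    """Yield (json_path, tag) for every raw tag inside a 'markdown' string property."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == "markdown" and isinstance(value, str):
                for tag in find_raw_html(value):
                    yield child, tag
            else:
                yield from check_sarif(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from check_sarif(item, f"{path}[{i}]")

# Constructed sample log: one raw-HTML message, one backslash-escaped, one in code/entities.
SAMPLE = json.loads(r'''
{"version": "2.1.0", "runs": [{"tool": {"driver": {"name": "ExampleTool"}},
  "results": [
    {"message": {"text": "a", "markdown": "Press <kbd>Enter</kbd> when finished."}},
    {"message": {"text": "b", "markdown": "Use the \\<kbd\\> tag."}},
    {"message": {"text": "c", "markdown": "Write `<kbd>` or &lt;kbd&gt; instead."}}
  ]}]}
''')

if __name__ == "__main__":
    for location, tag in check_sarif(SAMPLE):
        print(f"error: raw HTML {tag} in {location}")
```

Only the first result is reported; the escaped and code-span forms pass, matching the "don't flag escaped HTML" request above.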