use of HTML tags like inside a YAML

![medium](https://www.gstatic.com/codereviewagent/medium-priority.svg)

The use of HTML tags like <strong> inside a YAML bio field that is rendered via Nunjucks might lead to XSS vulnerabilities if not properly sanitized. It is safer to use Markdown formatting (as done with the bold text) and ensure the template rendering context handles escaping appropriately.

```yaml
  I'm **Ken Horlador** from Camarines Sur, Philippines. I enjoy learning programming languages and libraries/frameworks like [ReactJS](https://reactjs.org/) with [GatsbyJS](https://www.gatsbyjs.com/) or [NextJS](https://nextjs.org/). I also enjoy wireframing, developing user flows, user interface, user experience and design in general.
```

_Originally posted by @gemini-code-assist[bot] in https://github.com/NextCommunity/NextCommunity.github.io/pull/402#discussion_r3032901800_
            

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

use of HTML tags like inside a YAML #403

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

use of HTML tags like inside a YAML #403

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions