Open
Description
- CSAF producers SHOULD NOT emit messages that contain HTML, even though all variants of Markdown permit it. To include HTML, source code, or any other content that may be interpreted or executed by a CSAF consumer, e.g. to provide a proof-of-concept, the issuing party SHALL use Markdown's fenced code blocks or inline code option.
Source: Safety, Security, and Data Protection Considerations
A/C:
- Check for HTML content in XML input
- Encode the HTML input for the JSON output
- Write a CI/CD test case that checks the encoding for a sample file containing HTML
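
A sketch of the three acceptance criteria above, added here as an example (not the project's own code). It assumes that "encode" means HTML entity encoding via `html.escape`. The XML element names, the output keys, the regex heuristic and the function names are hypothetical.

```python
import html
import json
import re
import xml.etree.ElementTree as ET

# Constructed sample input; element and attribute names are hypothetical.
# Untrusted XML should go through a hardened parser, not plain ElementTree.
SAMPLE_XML = """<doc>
  <note title="Summary">Plain text, where a &lt; b is not markup.</note>
  <note title="Details">See &lt;a href="https://example.com"&gt;here&lt;/a&gt; &lt;script&gt;alert(1)&lt;/script&gt;</note>
</doc>"""

# Heuristic (assumption): an opening or closing tag, a comment, or a doctype.
HTML_RE = re.compile(r"</?[a-zA-Z][^>]*>|<!--|<!DOCTYPE", re.IGNORECASE)


def contains_html(text):
    """A/C 1: report whether a text field from the XML input carries HTML."""
    return bool(text) and HTML_RE.search(text) is not None


def encode_if_html(text):
    """A/C 2: entity-encode fields that carry HTML; leave other text as is."""
    return html.escape(text, quote=True) if contains_html(text) else text


def convert_notes(xml_source):
    """Map each <note> to a dict, encoding HTML before it reaches the output."""
    root = ET.fromstring(xml_source)
    return [
        {"title": note.get("title"),
         "text": encode_if_html("".join(note.itertext()))}
        for note in root.findall("note")
    ]


def to_json(xml_source):
    """Serialize the converted notes as the JSON output."""
    return json.dumps({"notes": convert_notes(xml_source)}, indent=2)


def check_sample():
    """A/C 3: the check a CI job would run against the sample file."""
    out = to_json(SAMPLE_XML)
    return "<script" not in out and "<a href" not in out


if __name__ == "__main__":
    print(to_json(SAMPLE_XML))
    print("sample check passed:", check_sample())
```
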