Issue #3016 wontfix

html README files

Matthew Becker
created an issue

Hi,

Can you change the way readme files are rendered on the "Overview" tab of repositories so that if the file has an "<HTML>" tag at the top, it is rendered as a web page, but is pure text otherwise? This should be an easy thing to do and will give people more flexibility in how their repository looks.

Cheers, Matt

Comments (1)

  1. Dylan Etkin

    Hi Matthew,

    The reason we cannot do this is there would be nothing stopping people from inserting malicious JS into such a page. This would open up a huge XSS hole in the site, allowing untrusted JavaScript to run in the trusted Bitbucket domain.

    We do support markdown readmes which allows you to craft an html-like readme but with a safe markup language that allows us to avoid the XSS issue.

    Cheers,

    Dylan
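
An added example, not part of the original thread and not Bitbucket's code, of the approach the comment above describes: the README is escaped first, and the only tags in the output are ones the renderer itself generates. The function names, the allowed URL schemes, the tiny markdown-like subset and the sample README are all assumptions constructed for illustration.

```python
import html
import re

# Assumption: only absolute links with these schemes are rendered as links.
SAFE_SCHEMES = ("http://", "https://", "mailto:")

def render_plain(readme: str) -> str:
    """Show the README as inert text: every markup character is escaped."""
    return "<pre>" + html.escape(readme) + "</pre>"

def _link(match):
    text, url = match.group(1), html.unescape(match.group(2))
    if not url.lower().startswith(SAFE_SCHEMES):
        return text  # drop the link target, keep the visible text
    return '<a href="%s" rel="nofollow">%s</a>' % (html.escape(url), text)

def render_safe_markup(readme: str) -> str:
    """Markdown-like subset (headings, bold, links), escaped before formatting."""
    out = []
    for line in readme.splitlines():
        line = html.escape(line)  # author-supplied HTML becomes plain text
        line = re.sub(r"\*\*(.+?)\*\*", r"<strong>\1</strong>", line)
        line = re.sub(r"\[([^\]]+)\]\(([^)\s]+)\)", _link, line)
        heading = re.match(r"(#{1,3}) (.*)", line)
        if heading:
            level = len(heading.group(1))
            out.append("<h%d>%s</h%d>" % (level, heading.group(2), level))
        elif line.strip():
            out.append("<p>%s</p>" % line)
    return "\n".join(out)

# Constructed sample README mixing formatting with markup a browser would run
# if it were served unescaped from the site's own origin.
SAMPLE = """# My project
<script>alert(1)</script>
**Fast** and [documented](https://example.org/docs?a=1&b=2)
[click me](javascript:alert(1))"""

if __name__ == "__main__":
    print(render_safe_markup(SAMPLE))
```
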
