XS: documentation

The xs:documentation is currently only rendered by the table macro. The images do not include the documentation.

The proper way to include html is by including an html namespace:

<xs:documentation>
  <code xmlns="http://www.w3.org/1999/xhtml">source code</code>
</xs:documentation>

The add-on supports the use of html inside xs:documentation elements. For security reasons the html is sanitized to reduce the risk for cross site forgery attacks.

The following tags are stripped from the html:

  • script

  • noscript

  • iframe

  • frameset

  • frame

  • noframes

  • head

  • title

  • base

  • style

  • link

  • input

  • textarea

The other tags are validated and possibly stripped. For example <a href=""> is checked for sane urls using these regular expressions:

  • on site URLS: "([\p{L}\p{N}\p{Zs}/\.\?=&\-~])+"

  • off site URLS: "(\s)((ht|f)tp(s?)://|mailto:)[~a-zA-Z0-9-_\.@\#\$%&amp;;:,\?=/\!\(\)](\s)*"

Should you have a use case to make this configurable / disable it, let us know!

PreviousRecursivenessNextLimitations

Last updated