Strings are rendered directly to the output HTML. That means that if a string contains actual HTML, it could have side effects.
Most of those strings should be encoded in some way, except for the Markdown ones.
As the CV is personal, edited by the owner and used by the owner, it's not being considered a security risk.
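
One way to do the encoding described above, as an added example that is not the project's own code: every string in the CV data is HTML-encoded before rendering, except fields that hold Markdown. The key names in `MARKDOWN_KEYS`, the function names and the sample CV are assumptions made for illustration.

```python
import html

# Assumption: these (hypothetical) keys hold Markdown and go to a Markdown
# renderer instead of being entity-encoded.
MARKDOWN_KEYS = {"summary", "description"}

# Constructed sample data, not taken from any real CV file.
SAMPLE_CV = {
    "name": "Ada <b>Lovelace</b>",
    "title": 'R&D "lead"',
    "summary": "Works on **engines** and <em>notes</em>.",
    "skills": ["C & C++", "Python"],
    "jobs": [{"company": "Acme <img src=x>", "description": "- built *things*"}],
}


def encode_cv(node, key=None):
    """Return a copy of the CV data with every non-Markdown string encoded."""
    if isinstance(node, dict):
        return {k: encode_cv(v, k) for k, v in node.items()}
    if isinstance(node, list):
        # List items inherit the key of the list that contains them.
        return [encode_cv(v, key) for v in node]
    if isinstance(node, str) and key not in MARKDOWN_KEYS:
        # quote=True also encodes " and ', so the value is safe inside a
        # quoted attribute as well as in element text.
        return html.escape(node, quote=True)
    return node  # numbers, booleans, None and Markdown strings pass through


def render_header(cv):
    """Build a header fragment from encoded values only."""
    safe = encode_cv(cv)
    return '<h1 title="{}">{}</h1>'.format(safe["title"], safe["name"])


if __name__ == "__main__":
    print(render_header(SAMPLE_CV))
    print(encode_cv(SAMPLE_CV)["jobs"][0])
```

Markdown fields are left untouched here, so raw HTML inside them still reaches the page unless the Markdown renderer is set up to escape or strip it.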