Hi, Could someone please briefly explain why using HTML is unsafe? A clear answer would help me understand safe boundaries whilst working with streamlit. Apologies for my naivety on this subject. Streamlit is great, my programming skills are not:-) Danny

Hi @dahanoo , welcome to the Streamlit community! This is a great question…we refer to HTML as “unsafe” as a keyword argument, to highlight the fact that you can run JavaScript within the widget. We’re highlighting the fact that Streamlit itself will not be able to prove the code’s safety, since a…

Why is using HTML unsafe?

Using Streamlit

GokulNC August 21, 2020, 9:26am 4

As you said, I see that <script> tags are removed with st.markdown(raw_html, unsafe_allow_html=True).

If that’s case, (that is, if we cannot inject JS using that), why is this still called unsafe?

Topic		Replies	Views
Every security aspects of allow_unsafe_html Deployment discussion	8	951	November 12, 2024
Minor formatting, unsafe_allow_html and fields coming from user Using Streamlit	3	654	February 7, 2023
Embedding PDFs Using Streamlit layout	4	3069	November 19, 2021
Unsafe_allow_html in code block Using Streamlit	2	5533	April 24, 2024
Pass variables between HTML files and streamlit Using Streamlit	1	815	June 26, 2023

Why is using HTML unsafe?

Related topics