3Ağu
"One of your code blocks includes unescaped HTML." JS console security warning
I operate a blog using Google's Blogger platform about programming. I use highlight.js for syntax highlighting, and now on my posts I see the console warning: One of your code blocks includes unescaped HTML. This is a potentially serious security risk.
I read somewhere that this has to do with cross-site scripting (XSS) but I have no idea how to solve this issue. Here is an example of a code block in my post's HTML:
<pre>
<code style="text-align: left;">
button.addEventListener('click', () => {
console.log('Button got clicked.');
});
</code>
</pre>
Note that while I typed this and other code blocks into the HTML editor inside of Blogger, I simply typed the >
character and the editor changed it to >
(>) on saving. There are many examples of this within my posts. How can I resolve this?