$$Include{docs/siteMacros.textCarver}

# Security
TextCarver has one minor security vulnerability: it uses CommonMark, which has some [known security issues](https:\/\/talk.commonmark.org/t/make-commonmark-safe-by-default/1265). So you should understand those (and HTML sanitization more generally) before running untrusted source code through it.

Oh, actually it has another giant, gaping security vulnerability: TextCarver is by design a robust programming language. So running untrusted code through it creates a vast number of security vulnerabilities. And if that wasn’t bad enough, it allows execution of arbitrary JavaScript.

So I probably wouldn’t even consider running untrusted code through it, if I were you.



[Next: What’s Missing?](4aWhatsMissing.html)