probably was needed to make the flaky test pass for the documentation...

@LucaPaterlini, thanks for the interest in FastAPI!
Could you please add more reasoning on why we need to add this?

https://cwe.mitre.org/data/definitions/79.html
there is a CWE about not checking the parsed input.
Shall we assume the input is safe on Template?

Thanks for your replies was not expecting this celery response, great fan of your work guys

https://cwe.mitre.org/data/definitions/79.html there is a CWE about not checking the parsed input. Shall we assume the input is safe on Template?

So, as I understand it, the intruder can open a PR that injects malicious code in docs. And if somebody tries opening automatically generated docs preview that injected code may be executed on client side. Right?
I don't think it's possible that we have such malicious code inmaster, but the situation described above looks possible.

Do you have any idea why "Building Docs" action fails?

As an alternative approach, we can disable automatic docs preview deployments for PRs and do it only after maintainers check the diff and explicitly request it