Security
Azimuth Markdown is designed with security as a core principle.
Link Security
All URLs encountered in [text](url) links are validated before any action is taken:
- Allowed schemes:
http://andhttps://only - Blocked schemes:
file://,javascript:,vbscript:,ms-msdt:,data:, and all other non-http schemes - Notification: When a link is blocked, the user sees a clear editor notification explaining why
- CWE/CVE coverage: This validation mitigates CWE-94 (Code Injection) and CVE-2022-30190 (MSDT remote code execution)
No External Communication
- The plugin makes no network calls of any kind
- No telemetry, no analytics, no phone-home behavior
- No data is sent anywhere -- the parser runs entirely locally
No External Dependencies
- Pure Unreal Engine 5 APIs only
- No third-party libraries are included or required
- No DLLs, no external executables, no runtime downloads
Input Handling
- The parser gracefully handles malformed markdown by treating unrecognized patterns as plain text
- No input can cause a crash -- unmatched delimiters are output as literal characters
- Unicode sanitization prevents rendering issues from unexpected characters