What are the legitimate risks of using MarkupString to render html inside of a Blazor page?
There is a warning mentioned on this Blazor 0.5.0 preview blog post.
However I've also seen some other Stackoverflow posts of users trying to execute JavaScript/C# inside of a MarkupString (fragment/object?) and explanations that it isn't possible.
For example.How can I render html that contains script tag in Blazor
And...Blazor: How to use a onclick event in MarkupString
I've not been able to find good documentation on MarkupString to determine if it is benign or not.
In my use case, some developers could potentially edit the html snippets being rendered outside of a release process, so risk is pretty minimal anyway.
Thanks!