Remove more examples #89709

Merged: icyJoseph merged 3 commits into canary from cleanup-examples on Feb 9, 2026

@icyJoseph (Member) commented Feb 9, 2026

Removing examples that we are not using, or maintaining anymore.

@nextjs-bot added labels on Feb 9, 2026: "created-by: Next.js DevEx team" (PRs by the DX team), "Documentation" (Related to Next.js' official documentation), "examples" (Issue was opened via the examples template)
@icyJoseph enabled auto-merge (squash) February 9, 2026 10:36
@icyJoseph merged commit d6d84be into canary Feb 9, 2026
73 checks passed
@icyJoseph deleted the cleanup-examples branch February 9, 2026 10:36
icyJoseph added a commit that referenced this pull request Feb 9, 2026
Removing examples that we are not using, or maintaining anymore.

@talatkuyuk

You removed the examples related to Remote MDX, okay, it is hard to maintain, but why did you remove the info about Remote MDX in docs/01-app/02-guides/mdx.mdx? It was useful. We would rather get it back.

@icyJoseph (Member, Author)

As part of the CVEs disclosed, we decided to temporarily take back the recommendation. It is still available in our v15 docs.

The path forward for now is to reintroduce a note about Remote MDX, showing patterns secure by default, even if it introduces friction for developers.

@talatkuyuk

Thank you for your answer. The "Remote MDX" section previously featured the community-driven next-mdx-remote-client package. To proactively address and minimize the impact of the disclosed CVEs, a specialized utility called remark-mdx-remove-expressions has been developed.

This plugin is specifically designed to be integrated into workflows like next-mdx-remote-client to strip potentially malicious logic from remote content. There is an active discussion regarding this security strategy in next-mdx-remote-client/issues/18.

The recommendation for scenarios where the developer does not have full control over the remote MDX source is to utilize remark-mdx-remove-expressions with the { onlyDangerousExpressions: true } option. This provides a "secure by default" layer by neutralizing executable code while preserving the descriptive power of MDX.

I would highly appreciate it if you could review the insights shared in this issue, as it might provide the secure pattern needed to reintroduce the Remote MDX documentation without compromising user safety.
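
As an added illustration (not code from this thread, from next-mdx-remote-client, or from remark-mdx-remove-expressions), the example below shows the general idea of stripping expression nodes from an MDX syntax tree before it is compiled. The node type names are those of the mdast MDX extensions; `stripExpressions`, `nodeTypes` and the hand-built `sampleTree` are hypothetical, and the plugin's `onlyDangerousExpressions` option is not modelled.

```javascript
// Node types that carry JavaScript in an MDX syntax tree (mdast plus MDX nodes).
const EXPRESSION_NODES = new Set([
  "mdxFlowExpression", // {expr} as its own block
  "mdxTextExpression", // {expr} inside a paragraph
  "mdxjsEsm", // import / export statements
]);

// Return a copy of the tree without expression-bearing nodes. JSX elements stay,
// but only attributes with a plain string (or no) value survive.
function stripExpressions(node) {
  const copy = { ...node };
  if (Array.isArray(node.attributes)) {
    copy.attributes = node.attributes.filter(
      (a) => a.type === "mdxJsxAttribute" && (a.value == null || typeof a.value === "string")
    );
  }
  if (Array.isArray(node.children)) {
    copy.children = node.children
      .filter((child) => !EXPRESSION_NODES.has(child.type))
      .map(stripExpressions);
  }
  return copy;
}

// List every node type left in a tree, to check that no expression node remains.
function nodeTypes(node) {
  return [node.type, ...(node.children || []).flatMap(nodeTypes)];
}

// Constructed sample: hand-built tree for a small MDX document (not parser output).
const text = (value) => ({ type: "text", value });
const sampleTree = {
  type: "root",
  children: [
    { type: "mdxjsEsm", value: 'import data from "./data.js"' },
    { type: "paragraph", children: [text("Total: "), { type: "mdxTextExpression", value: "data.total" }] },
    { type: "mdxFlowExpression", value: "data.items.length" },
    { type: "mdxJsxFlowElement", name: "Callout",
      attributes: [
        { type: "mdxJsxAttribute", name: "kind", value: "info" },
        { type: "mdxJsxAttribute", name: "title",
          value: { type: "mdxJsxAttributeValueExpression", value: "data.title" } },
        { type: "mdxJsxExpressionAttribute", value: "...data.props" },
      ],
      children: [{ type: "paragraph", children: [text("Static body.")] }] },
  ],
};
const cleaned = stripExpressions(sampleTree);
console.log(nodeTypes(cleaned).join(" > "));
```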

@icyJoseph (Member, Author)

Great. Yes I did find that issue last week. I can't plan the content right now, but I imagine it'll be something like

  • how's mdx actually transformed to other content types
  • mdx from disk
  • plugin layer, what do these do
  • mdx from a remote source
    • a safe set of plugin defaults

Basically, rework Deep Dive: How do you transform markdown into HTML?

I'll likely comment back on the issue when I get to it. PRs/drafts are always welcome too.

@github-actions bot locked as resolved and limited conversation to collaborators Mar 10, 2026