Remove unneeded docstring

Archmonger · Archmonger · commit ca33704e8997 · 2024-11-02T16:49:46.000-07:00
diff --git a/src/py/reactpy/reactpy/html.py b/src/py/reactpy/reactpy/html.py
@@ -422,53 +422,10 @@ def _script(
     key is given, the key is inferred to be the content of the script or, lastly its
     'src' attribute if that is given.
 
-    If no attributes are given, the content of the script may evaluate to a function.
-    This function will be called when the script is initially created or when the
-    content of the script changes. The function may itself optionally return a teardown
-    function that is called when the script element is removed from the tree, or when
-    the script content changes.
-
     Notes:
         Do not use unsanitized data from untrusted sources anywhere in your script.
-        Doing so may allow for malicious code injection. Consider this **insecure**
-        code:
-
-        .. code-block::
-
-            my_script = html.script(f"console.log('{user_bio}');")
-
-        A clever attacker could construct ``user_bio`` such that they could escape the
-        string and execute arbitrary code to perform cross-site scripting
-        (`XSS <https://en.wikipedia.org/wiki/Cross-site_scripting>`__`). For example,
-        what if ``user_bio`` were of the form:
-
-        .. code-block:: text
-
-            '); attackerCodeHere(); ('
-
-        This would allow the following Javascript code to be executed client-side:
-
-        .. code-block:: js
-
-            console.log(''); attackerCodeHere(); ('');
-
-        One way to avoid this could be to escape ``user_bio`` so as to prevent the
-        injection of Javascript code. For example:
-
-        .. code-block:: python
-
-            import json
-            my_script = html.script(f"console.log({json.dumps(user_bio)});")
-
-        This would prevent the injection of Javascript code by escaping the ``user_bio``
-        string. In this case, the following client-side code would be executed instead:
-
-        .. code-block:: js
-
-            console.log("'); attackerCodeHere(); ('");
-
-        This is a very simple example, but it illustrates the point that you should
-        always be careful when using unsanitized data from untrusted sources.
+        Doing so may allow for malicious code injection
+        (`XSS <https://en.wikipedia.org/wiki/Cross-site_scripting>`__`).
     """
     model: VdomDict = {"tagName": "script"}
 
