I've been playing around with RDX (Reactive Document eXpressions) recently and wanted to see what the community thinks about it.
For context: MDX is amazing, but because it allows arbitrary JavaScript execution, it's a massive security risk if you want to allow untrusted users to write content. RDX takes a different approach: it uses the same familiar JSX-style syntax (<Notice type="warning">), but it parses into a strict, safe AST with zero code execution.
Two things really stood out to me about this approach:
The Big Idea
MDX changed the game for documentation, but it has a massive Achilles' heel: Security. Because MDX allows arbitrary JavaScript and import statements, you can’t safely let untrusted users author content.
Enter RDX.
RDX is a strictly typed, declarative document format built as a superset of CommonMark. It gives you the power of rich, interactive components () with the security of a pure data format. No eval(), no JavaScript runtime, and zero risk of XSS.
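
The approach described above, parsing a component tag into plain data and checking it against an allowlist instead of evaluating it, as an added JavaScript example that is not part of the original post and is not RDX's parser or grammar. The `ALLOWED` table, the string-only attribute rule and the sample inputs are assumptions constructed for illustration.

```javascript
// Added illustration of "tags as data": NOT RDX's actual parser or grammar.
// Assumed grammar: capitalised component name, double-quoted string attributes only.
const TAG = /^<([A-Z][A-Za-z0-9]*)((?:\s+[a-z][A-Za-z0-9]*="[^"<>{}]*")*)\s*(\/?)>$/;
const ATTR = /([a-z][A-Za-z0-9]*)="([^"<>{}]*)"/g;

// Hypothetical allowlist: component name -> attribute -> permitted values.
const ALLOWED = new Map([
  ["Notice", new Map([["type", ["info", "warning", "danger"]]])],
]);

// Parse one tag into a plain AST node. Anything outside the grammar
// ({expressions}, import lines, raw HTML) is a syntax error, never evaluated.
function parseTag(src) {
  const m = TAG.exec(src.trim());
  if (!m) throw new SyntaxError("not a declarative component tag");
  const attrs = Object.create(null); // no prototype, so no inherited keys
  for (const [, key, value] of m[2].matchAll(ATTR)) {
    if (key in attrs) throw new SyntaxError(`duplicate attribute: ${key}`);
    attrs[key] = value;
  }
  return { type: "component", name: m[1], attrs, selfClosing: m[3] === "/" };
}

// Check the node against the allowlist before any renderer sees it.
function validate(node) {
  const spec = ALLOWED.get(node.name);
  if (!spec) throw new Error(`unknown component: ${node.name}`);
  for (const [key, value] of Object.entries(node.attrs)) {
    if (!spec.has(key)) throw new Error(`unknown attribute: ${key}`);
    if (!spec.get(key).includes(value)) throw new Error(`bad value for ${key}`);
  }
  return node;
}

// Convenience wrapper: returns a result object instead of throwing.
function check(src) {
  try {
    return { ok: true, node: validate(parseTag(src)) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

// Constructed sample inputs, as an untrusted author might submit them.
for (const src of ['<Notice type="warning">', "<Notice type={getType()}>",
  '<Notice onClick="x">', "<script>", 'import x from "y"']) {
  console.log(src, "=>", JSON.stringify(check(src)));
}
```

The renderer only ever receives a validated node, so which components and attribute values can appear is decided by the host application, not by the document author.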