Making this just a bit more explicit will likely help people spend less
time debugging this or even deciding upfront that pages.sr.ht is not the
right service for them.
content/limitations.md | 3 +++
1 file changed, 3 insertions(+)
diff --git a/content/limitations.md b/content/limitations.md
index b247c81..860fe08 100644
--- a/content/limitations.md+++ b/content/limitations.md
@@ -20,6 +20,9 @@ Content-Security-Policy:
The main consequence of this is that all resources must be served from
your domain — you cannot use a CDN or embed third-party content.
+It also disallows forcing links to open in new tabs (`target="_blank"`), as+this is equivalent to opening a pop-up in the browser security model.+The published tarball is limited to 1 GiB in size, after decompression. Any
entries other than regular files are ignored (such as symlinks).