3 comments

[ 2.7 ms ] story [ 15.8 ms ] thread
That's quite surprising, it's a textbook XSS vulnerability. It seems to me that their markdown library should escape entities by default or they will have many other vulns.