cdcarter | 1 year ago

Well, the markdown specification allows inline HTML, so that's to be expected. But it's true if you're taking user input as markdown and displaying it as rendered HTML, you need to think very carefully about escaping and sanitization.
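An added example, not part of the comment above: an allowlist pass over the HTML that a markdown renderer produced from user input, using only the Python standard library. The tag and scheme allowlists, the function names and the sample string are assumptions made for this illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy for this example: only tags a markdown renderer normally emits.
ALLOWED_TAGS = {"p", "em", "strong", "code", "pre", "ul", "ol", "li", "a", "blockquote", "br"}
ALLOWED_SCHEMES = {"http", "https", "mailto"}
DROP_WITH_CONTENT = {"script", "style"}

def clean_url(value):
    """Return the URL if its scheme is allowlisted, else None."""
    # Browsers ignore tabs/newlines inside a scheme ("java\tscript:"), so strip them first.
    url = "".join(ch for ch in value if ch > " ")
    try:
        ok = urlsplit(url).scheme.lower() in ALLOWED_SCHEMES
    except ValueError:
        ok = False
    return url if ok else None

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0  # skip > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        elif not self.skip and tag in ALLOWED_TAGS:
            href = ""
            for name, value in attrs:  # every attribute except a safe <a href> is dropped
                if tag == "a" and name == "href" and value and clean_url(value):
                    href = f' href="{escape(clean_url(value), quote=True)}"'
            self.out.append(f"<{tag}{href}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # text is always re-escaped

def sanitize(rendered_html):
    parser = Sanitizer()
    parser.feed(rendered_html)
    parser.close()  # flush buffered text
    return "".join(parser.out)

# Constructed sample: renderer output for markdown that contained inline HTML.
SAMPLE = ('<p>Hello <em>world</em></p><script>alert(1)</script>'
          '<img src=x onerror=alert(1)><a href="java\tscript:alert(1)" onclick="x()">a</a>')
```

The pass runs on the renderer's output rather than on the markdown source, so it sees exactly the markup a browser would receive.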