Fairly simple.
Looking at the in-browser example for the Markdown.Sanitizer.js...
document.write(converter.makeHtml("<script>alert(42);</script><b>bold"); //
creates "alert(42);bold"
you can find that there is only one closing bracket before the ;
Original issue reported on code.google.com by Michael....@gmail.com on 25 Sep 2012 at 8:09
Fairly simple. Looking at the in-browser example for the Markdown.Sanitizer.js... document.write(converter.makeHtml("<script>alert(42);</script><b>bold"); // creates "alert(42);bold" you can find that there is only one closing bracket before the ;
Original issue reported on code.google.com by
Michael....@gmail.com
on 25 Sep 2012 at 8:09