Fixes an XSS vulnerability reported by Mario Heiderich
(http://twitter.com/0x6d6172696f).
This change ensures that…
new Markdown.Converter().makeHtml('**_[Free iPad Here!](javascript:alert(1))_**')
…has the same result as…
new Markdown.Converter().makeHtml('**_[Free iPad Here!](javascript:alert(1))_**')
Original issue reported on code.google.com by mathias@qiwi.be on 9 Aug 2012 at 12:18
Original issue reported on code.google.com by
mathias@qiwi.beon 9 Aug 2012 at 12:18Attachments: