Closed: ondras closed this 7 years ago
Bumping this since a new XSS exploit was just found in the marked lib.
It looks like marked is no longer maintained, so to fix this, this PR/patch will have to be applied.
Maybe it's time to use a new Markdown library?
Seems like another similar issue with marked was reported last month. It would be good to at least update to the current version in the meantime, since these specific issues do seem to have been fixed.
The bundled marked.js is apparently somewhat old, as it does not support the "three dashes smartypants" replacement. It would be nice to update the library to its latest version.
Upstream: https://github.com/chjj/marked/blame/master/lib/marked.js#L719