Closed chris68 closed 10 years ago
If I enter
Check javascript <script> alert("Hi!"); </script>
in the editor and press the preview button I get a 'Hi' box. Not really desirable...
GitHub handles that correctly (as you can easily test with this bug report).
Resolved and closed via commit 9425e14. Thanks for reporting. Injected scripts/XSS will be removed. To embed a script as text, escape the '>' character like this:
<script\>alert ("Hello")</script\>
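An escape-first preview renderer, as an added example that is not the project's code and not the change made in commit 9425e14: it escapes untrusted markup instead of removing it, so the reported input is displayed as text. The function names and the small Markdown subset are assumptions made for the illustration.

```javascript
// Added example (hypothetical helper names, not the project's implementation).
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Neutralise every character that can open a tag, entity or attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render a small Markdown subset (paragraphs, `code`, **bold**).
// Untrusted text is escaped BEFORE any markup is generated, so the only
// tags in the output are the ones this function emits itself.
function renderPreview(markdown) {
  return escapeHtml(markdown)
    .split(/\n{2,}/)
    .map((para) => para
      .replace(/`([^`]+)`/g, '<code>$1</code>')
      .replace(/\*\*([^*]+)\*\*/g, '<strong>$1</strong>'))
    .map((para) => `<p>${para}</p>`)
    .join('\n');
}

// Regression check for the preview output: list every tag name that is
// not on the renderer's own allowlist. An empty result means no injected tags.
function unexpectedTags(html) {
  const allowed = new Set(['p', 'code', 'strong']);
  const found = [];
  for (const m of html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g)) {
    const name = m[1].toLowerCase();
    if (!allowed.has(name)) found.push(name);
  }
  return found;
}

// Inputs taken from the report and from the maintainer's reply above.
const reported = 'Check javascript <script> alert("Hi!"); </script>';
const escapedForm = '<script\\>alert ("Hello")</script\\>';

for (const input of [reported, escapedForm]) {
  const html = renderPreview(input);
  console.log(html, unexpectedTags(html));
}
```

Running `unexpectedTags` over the preview output in a unit test keeps the issue from regressing when new Markdown features are added to the renderer.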