Am 16.07.2017 um 11:17 schrieb Sönke Ludwig:
(...)

However, I just noticed that this is still possible to exploit in the
Markdown processor. User defined HTML is filtered, but link targets are
passed to the rendered HTML as-is (just HTML encoded).

https://github.com/rejectedsoftware/vibe.d/pull/1846

Reply via email to