Hi, it seems that Markdown.NET does not escape the following:
<script>
which is kind of a problem...
Is there any other way of generating HTML from Markdown on the server with ASP.NET?
From stackoverflow
-
Markdown explicitly allows HTML markup so: "... incorrectly does not escape ..." is not quite right.
Which means that you're on the hook for sanitizing it yourself. You could even use Stack Overflow's HTML sanitizer if you wanted to.
0 comments:
Post a Comment