Nice security test vectors to check markdown use in apps


#1
  • Developers and users often don’t understand that markdown output can be NOT safe.
  • Sanitizer quality & setups can vary.

I think test vectors from the article above can be interesting to developers responsible for final app security.


#2

Sanitization should always be a separate post-process from markdown. Markdown should be treated equivalently to a user providing raw HTML.