Hacker News
by vertex-four 4244 days ago
> Something like a Markdown converter seems less likely, though not impossible.

Really? I've found serious XSS bugs in frameworks that are semi-popular for writing real-time applications with a web component. What's outputted from your Markdown converter is generally assumed to be trusted HTML. Additionally, if it's not written in a language with good string support... it has string processing, which could lead to a crash or buffer overflow easily. It seems that a Markdown converter is exactly the sort of place you'd be likely to find an attack vector.

1 comments

You're right, XSS and client-side injections didn't occur to me when I wrote the comment.
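
An added example, not part of either comment and not code from any project mentioned in the thread: a toy link-only Markdown converter whose output is treated as trusted HTML, next to a hardened form that escapes the input first and allowlists URL schemes. All function names and sample inputs are constructed for illustration.

```javascript
// Toy converter: handles only [text](url) links. Names are hypothetical.

const escapeHtml = (s) =>
  s.replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]));

// Naive form: raw HTML in the input passes straight through and any URL
// scheme is accepted, yet callers insert the result as trusted markup.
function renderNaive(md) {
  return md.replace(/\[([^\]]+)\]\(([^)]+)\)/g, '<a href="$2">$1</a>');
}

// Allowlist of URL schemes; URLs without a scheme (relative) are also allowed.
const SAFE_SCHEMES = new Set(["http:", "https:", "mailto:"]);

function isSafeUrl(url) {
  // Browsers ignore whitespace and control characters inside a scheme,
  // so strip them before deciding what the scheme is.
  const cleaned = url.replace(/[\u0000-\u0020\u007f]/g, "");
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*:)/.exec(cleaned);
  return m === null || SAFE_SCHEMES.has(m[1].toLowerCase());
}

// Hardened form: escape everything first, then emit only the tags the
// converter itself generates. Links with a disallowed scheme become plain text.
function renderSafe(md) {
  return escapeHtml(md).replace(/\[([^\]]+)\]\(([^)]+)\)/g, (_, text, url) =>
    isSafeUrl(url) ? `<a href="${url}" rel="nofollow noopener">${text}</a>` : text);
}

// Constructed sample inputs.
const samples = [
  "<img src=x onerror=alert(1)>",
  "[click](javascript:document.title=1)",
  "[docs](https://example.com/?a=1&b=2)",
];
for (const s of samples) {
  console.log("naive:", renderNaive(s));
  console.log("safe: ", renderSafe(s));
}
```

A production converter would still pair this with an HTML sanitizer on the output and a Content-Security-Policy, since a real Markdown dialect has far more syntax than this sketch covers.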