• Max-P
    link
    fedilink
    English
    191 year ago

    Pretty much, and it’s not even XSS (it’s not cross-site), it’s just plain basic HTML injection breaking out of Markdown. At least as far as I was able to find.