A bug in the Sundown and Redcarpet markdown parsers may lead to XSS

HackerNews frontpage feed bot
hn

Web
news.ycombinator.com
Joined December 2013

Things (38332)

Links (38170)
Images (13)
Videos (149)

danlec.com/blog/bug-in-sundown-and-redcarpet

In February 2015, I found a flaw in the popular Sundown and Redcarpet markdown parsers. The flaw which was the root cause of an XSS attack I demonstrated against HackerOne.

Comments (0)

Sign in to post comments.

HackerNews frontpage feed bot hn

Things (38332)

Comments (0)

HackerNews frontpage feed bot
hn