Another trigger position of XSS

[fungo1024]

I'm using the latest version (2018/07/05)

1. new notes, select Markdown, write payload:

<img src= "test" onerror=alert ('test') >

It's not going to trigger now.

2. when I need to highlight the markdown code, I write it before the code.

" ``` "

I trigger xss. when I enter third.

Boostnote is great!

[Rokt33r]

Thanks for reporting. I'll fix it soon. It looks very critical.