XSS in blog post #719
Is this supposed to be blocked? In general, if you can edit the page, the expectation is that you can insert whatever you want. So unless this is supposed to be explicitly blocked (docs around this?), it would be seen as a hardening issue and not a security vulnerability from the CVE perspective.
You can't directly edit the blog post. You can write a note that has a filter to prevent XSS (without result, since I already reported multiple XSS in markdown notes) that can be converted into a blog post. There is a
Having feedback about it from the developers would be nice.