• Introduction
  • Markdown is inherently unsafe
  • Whitelist / Blacklist can't prevent XSS
  • Stripping HTML tags is not enough
  • Mixed HTML/Markdown XSS attack
  • Mitigating XSS
  • Conclusion
  • Disclaimer