Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
GitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
Markdown Preview Plus makes Chrome/Chromium vulnerable to XSS attacks on files that are not designed to be interpreted by web applications.
How to reproduce
This behavior makes all users of Markdown Preview Plus vulnerable to XSS attacks in a lot of web sites, because these websites are not designed to escape or force the download of txt files.
How to fix
Markdown Preview Plus should sanitize the content in order to avoid XSS.
Thanks for pointing this issue.
I have changed the marked option by adding
I want to make sure that MathJax is still working. But there is something that I don't understand:
I have make sure that in both cases the option