

A bug in the Sundown and Redcarpet markdown parsers may lead to XSS - _jomo
http://danlec.com/blog/bug-in-sundown-and-redcarpet

======
captn3m0
No libraries listed on babelmark (or the versions used there) seem to be
affected:
[http://johnmacfarlane.net/babelmark2/?normalize=1&text=_danl...](http://johnmacfarlane.net/babelmark2/?normalize=1&text=_danlec_%40danlec.com)

~~~
danlec
Redcarpet would only exhibit the bug if the autolink extension were enabled,
i.e. if it would render danlec@danlec.com as a link.

~~~
captn3m0
Interesting. That makes it much more clearer. I was confused as to why links
were being generated without angular brackets being involved.

