

Searching Github for easy vulns, round 2: unsanitized Markdown - kijin
https://github.com/search?l=php&q=echo+markdown&type=Code

======
kijin
Yesterday we saw an interesting discussion about SQL injection vulnerabilities
exposed by a Github search [1]. So I thought I'd do something similar, but
with a slightly more sophisticated and somewhat less visible vulnerability:
_unsanitized Markdown output_.

Public Service Announcement: Markdown does not sanitize anything. Markdown
output can contain anything from <script> to <iframe>. Displaying the raw
output of Markdown is just as dangerous as displaying any piece of HTML.
Always pass the output of Markdown through a proper sanitization library, such
as HTML Purifier [2], unless you're absolutely sure that the input is trusted.

[1] <https://news.ycombinator.com/item?id=5805025>

[2] <http://htmlpurifier.org/>

