Impact
Any website using discord-markdown with user-generated markdown is vulnerable to having code injected into the page where the markdown is displayed.
Patches
This has been patched in version 2.3.1.
Workarounds
Escape the characters <>& before sending plain code blocks to discord-markdown.
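One way to apply this workaround on versions before 2.3.1, as an added example that is not code from the discord-markdown project. It assumes a "plain" code block is a triple-backtick block whose language tag is missing or not in `highlightedLangs`; the function names and that parameter are hypothetical.

```javascript
// Added example: pre-escape <, > and & inside plain fenced code blocks
// before the markdown string is handed to discord-markdown.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;' };

// Replace each of the three characters named in the advisory.
// '&' is handled in the same pass, so entities are never escaped twice here.
function escapeHtmlChars(text) {
  return text.replace(/[&<>]/g, (ch) => ESCAPES[ch]);
}

// Assumed fence syntax: ``` then an optional "lang\n" tag, then the body.
const FENCE = /```(?:([a-z0-9-]+)\n)?([\s\S]*?)```/gi;

// highlightedLangs (hypothetical parameter): language tags the caller knows
// are rendered through a highlighter that escapes its own output. The default
// is empty, so every fenced block is treated as plain and escaped.
function escapePlainCodeBlocks(markdown, highlightedLangs = new Set()) {
  return markdown.replace(FENCE, (match, lang, body) => {
    if (lang && highlightedLangs.has(lang.toLowerCase())) {
      return match; // left untouched to avoid double-escaping
    }
    const head = lang ? lang + '\n' : '';
    return '```' + head + escapeHtmlChars(body) + '```';
  });
}

// Constructed sample input: markup inside and outside a code block.
const sample = 'a < b ```<b>x & y</b>``` done';
console.log(escapePlainCodeBlocks(sample));
```

Text outside the fences is passed through unchanged, since the workaround above only concerns plain code blocks.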
References
#13