Markdown Renderer

Markdown HTML Injection

The community markdown renderer keeps `sanitize:false`, so raw HTML in user-supplied markdown, including `<script>` elements and inline event handlers such as `onerror`, reaches the page unescaped (CWE-79).

CWE-79
Markdown probe

  Only the tail of the probe survives on the page; the leading part of the
  fetch call (endpoint and request body) is not shown, so the two names in
  capitals below are placeholders, not values from the original.

    fetch(PREVIEW_ENDPOINT, {      // placeholder: endpoint not on the page
      method: "POST",
      body: PROBE_MARKDOWN         // placeholder: markdown with <script> and onerror canaries
    }).then(r => r.text()).then(t =>
      // textContent shows the returned markup as text, so the probe inspects
      // what the renderer emitted without executing it.
      document.getElementById("md-preview").textContent = t);

Expected Findings

  • Renderer config sets `sanitize:false` and `html:true`.
  • `<script>` and `onerror` attributes are preserved in the output.
  • Rendered output is stored and later inserted into other users' feeds, so this is stored XSS, not merely self-XSS in the preview pane.

Signals

Config
marked.setOptions({ html: true, sanitize: false })

Caveat: `sanitize` has been deprecated since marked 0.7 and dropped in later major versions, and `html` is markdown-it's raw-HTML switch rather than a marked option, so on a current marked this line changes nothing and raw HTML passes through regardless. The fix is therefore not a renderer flag but sanitizing the produced HTML (DOMPurify is the usual choice) before it is inserted into any user's DOM.
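The following is an added example, not the community renderer's code. It is a deliberately tiny markdown-to-HTML renderer whose `html` option behaves like the switch in the finding (raw HTML passes through verbatim when it is on, and is escaped when it is off), together with the check the probe above performs: scanning the returned markup for `<script>`, inline event handlers and `javascript:` URLs. The probe document is constructed here; the function and constant names are the example's own. It runs under Node with no dependencies.

```javascript
// Added example; not the renderer's own code. Minimal markdown rendering with
// an `html` switch plus a scan of the output for the finding's signals.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeHtml = (s) => s.replace(/[&<>"']/g, (ch) => ESCAPES[ch]);

// Inline markdown: `code`, **strong**, *em*. With html:false the text is
// escaped first, so a user-supplied <img onerror=...> becomes inert text.
// With html:true it is left as-is, which is the vulnerable behaviour.
function renderInline(src, html) {
  let out = html ? src : escapeHtml(src);
  out = out.replace(/`([^`]+)`/g, (_, code) => `<code>${html ? escapeHtml(code) : code}</code>`);
  out = out.replace(/\*\*([^*]+)\*\*/g, '<strong>$1</strong>');
  out = out.replace(/\*([^*]+)\*/g, '<em>$1</em>');
  return out;
}

// Block level: paragraphs separated by blank lines. A block that starts with
// a tag is an HTML block; html:true emits it verbatim, html:false escapes it.
function renderMarkdown(md, { html = false } = {}) {
  return md
    .split(/\n{2,}/)
    .map((b) => b.trim())
    .filter(Boolean)
    .map((block) => {
      if (/^<[a-z!/]/i.test(block)) {
        return html ? block : `<p>${escapeHtml(block)}</p>`;
      }
      return `<p>${renderInline(block, html)}</p>`;
    })
    .join('\n');
}

// The probe's check: inspect the markup the renderer returned rather than the
// DOM it would build, so nothing has to execute to confirm the passthrough.
const SIGNALS = [
  ['script-tag', /<script\b/i],
  ['inline-event-handler', /<[a-z][^>]*\son[a-z]+\s*=/i],
  ['javascript-url', /\b(?:href|src)\s*=\s*["']?\s*javascript:/i],
];

function unsafeHtmlSignals(rendered) {
  return SIGNALS.filter(([, re]) => re.test(rendered)).map(([name]) => name);
}

// Constructed probe document: ordinary markdown plus the two canaries the
// Expected Findings list (a script element and an onerror handler).
const PROBE_MARKDOWN = [
  'Hello **world**, see `<b>code</b>`.',
  '',
  '<script>alert(document.cookie)</script>',
  '',
  'Broken image <img src=x onerror="alert(1)"> here.',
].join('\n');

function probe(options) {
  const rendered = renderMarkdown(PROBE_MARKDOWN, options);
  return { rendered, signals: unsafeHtmlSignals(rendered) };
}

for (const html of [true, false]) {
  const { rendered, signals } = probe({ html });
  console.log(`html:${html} -> signals: ${signals.join(', ') || 'none'}`);
  console.log(rendered, '\n');
}
```

With `html:true` the probe reports `script-tag` and `inline-event-handler` and the returned markup contains the canaries unchanged; with `html:false` both are escaped and no signal fires. The same `unsafeHtmlSignals` scan can be pointed at a real renderer's response body, which is what the fetch-based probe on the page does by reading `r.text()`.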