6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"$10"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","html",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L11",null,{"href":"/discussion/tag/html/1","children":"html"}]}],["$","span","markdown",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L11",null,{"href":"/discussion/tag/markdown/1","children":"markdown"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/213Kw.png?s=256","alt":"usr","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/122718/usr","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"usr"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",171178]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Markdown.NET incorrectly does not escape HTML-Tags"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

it seems that Markdown.NET does not escape the following:

\n\n

<script>\n

\n\n

which is kind of a problem...

\n\n

Is there any other way of generating HTML from Markdown on the server with ASP.NET?

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",2]}],["$","p",null,{"children":["Views: ",494]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","1046526",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/NIuNK.jpg?s=256","alt":"Aaron Maenpaa","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/2603/aaron-maenpaa","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Aaron Maenpaa"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",122850]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

Markdown explicitly allows HTML markup so: \"... incorrectly does not escape ...\" is not quite right.

\n\n

Which means that you're on the hook for sanitizing it yourself. You could even use Stack Overflow's HTML sanitizer if you wanted to.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",1]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","1005264",{"className":"mb-2","children":["$","$L11",null,{"href":"/discussion/solution/1005264","className":"text-blue-600 hover:underline","children":"Escape text for HTML"}]}],["$","li","692123",{"className":"mb-2","children":["$","$L11",null,{"href":"/discussion/solution/692123","className":"text-blue-600 hover:underline","children":"Escape tags in HTML"}]}],["$","li","32129183",{"className":"mb-2","children":["$","$L11",null,{"href":"/discussion/solution/32129183","className":"text-blue-600 hover:underline","children":"Display markdown in markdown"}]}],["$","li","27887126",{"className":"mb-2","children":["$","$L11",null,{"href":"/discussion/solution/27887126","className":"text-blue-600 hover:underline","children":"Don't escape tag in Markdown code block"}]}],["$","li","27053059",{"className":"mb-2","children":["$","$L11",null,{"href":"/discussion/solution/27053059","className":"text-blue-600 hover:underline","children":"Escaping special characters from html"}]}],["$","li","24370488",{"className":"mb-2","children":["$","$L11",null,{"href":"/discussion/solution/24370488","className":"text-blue-600 hover:underline","children":"Putting an html escape character inside a markdown code block"}]}],["$","li","20107638",{"className":"mb-2","children":["$","$L11",null,{"href":"/discussion/solution/20107638","className":"text-blue-600 hover:underline","children":"HTML Rendering Escaped Characters"}]}],["$","li","1970940",{"className":"mb-2","children":["$","$L11",null,{"href":"/discussion/solution/1970940","className":"text-blue-600 hover:underline","children":"Problems using a StringBuilder to construct HTML in C#"}]}],["$","li","4864255",{"className":"mb-2","children":["$","$L11",null,{"href":"/discussion/solution/4864255","className":"text-blue-600 hover:underline","children":"Why isn't MarkdownSharp encoding my HTML?"}]}],["$","li","3520641",{"className":"mb-2","children":["$","$L11",null,{"href":"/discussion/solution/3520641","className":"text-blue-600 hover:underline","children":"Asp.net MVC Markdown editor and Html.Encode"}]}]]}]]}]]}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}],["$","$L16",null,{}]]

Markdown.NET incorrectly does not escape HTML-Tags

Answers (1)

Related Questions