• Max-P@lemmy.max-p.me
    link
    fedilink
    English
    arrow-up
    17
    ·
    1 year ago

    Pretty much, and it’s not even XSS (it’s not cross-site), it’s just plain basic HTML injection breaking out of Markdown. At least as far as I was able to find.