🧨 Markdown Injection: XSS via marked

This demo renders Markdown with marked@0.3.6, a vulnerable version, and applies no sanitization, so the rendered output is susceptible to JavaScript injection.

🧪 How to Test

  1. Modify the Markdown or leave it as-is.
  2. Click Render Markdown.
  3. Observe that HTML is rendered and includes a clickable JS alert.
  4. This shows how an attacker can execute arbitrary JavaScript.

⚠️ Always sanitize Markdown output or upgrade to a secure version of marked.
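
One way to apply the sanitization advice to link targets, as an added example that is not part of the original demo or of marked: an allowlist check on the URL scheme, combined with escaping on output. The helper names `isSafeHref`, `escapeHtml` and `renderLink` and the sample targets are assumptions; the check covers links only, so raw HTML in Markdown still needs a full HTML sanitizer.

```javascript
// Added example: allowlist check for link targets before they reach an href.
// isSafeHref, escapeHtml and renderLink are hypothetical helpers, not marked APIs.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:', 'mailto:']);

// Placeholder base so relative targets ("/docs", "#top") parse; .invalid never resolves.
const BASE = 'https://placeholder.invalid/';

function isSafeHref(href) {
  if (typeof href !== 'string') return false;
  try {
    // The WHATWG URL parser normalizes the scheme the way a browser does
    // (case-insensitive, leading whitespace and embedded tabs/newlines dropped),
    // so the check runs on what the browser would actually navigate to.
    return ALLOWED_PROTOCOLS.has(new URL(href, BASE).protocol);
  } catch (err) {
    return false; // unparseable target: refuse to link it
  }
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Emit an anchor only for allowlisted targets; otherwise fall back to escaped text.
// Escaping the href on output means the browser decodes back to exactly the
// string that was validated, so entities cannot change the scheme afterwards.
function renderLink(href, text) {
  const label = escapeHtml(text);
  if (!isSafeHref(href)) return label;
  return `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${label}</a>`;
}

// Constructed sample targets (not taken from the demo page).
const SAMPLES = ['https://example.com/?a=1&b=2', '/docs/intro', 'javascript:alert(1)'];
for (const href of SAMPLES) console.log(renderLink(href, 'link'));
```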