Currently, no escaping at all is done on the HTML generated by Marked. This can be a cause for XSS (but then again, there is nothing to be gained from performing XSS on one's own vault... or is there?).