Markdown injection on profile page
It was possible to have profile fields (like full name), other than your bio, contain markdown syntax that would get rendered on the profile page. The “damage” was limited to safe tags only, equal to what is rendered in the bio text.
Submitted by Elmer van Chastelet on 1 June 2021 at 16:18