tags:

views:

224

answers:

1

Hi, it seems that Markdown.NET does not escape the following:

<script>

which is kind of a problem...

Is there any other way of generating HTML from Markdown on the server with ASP.NET?

+1  A: 

Markdown explicitly allows HTML markup so: "... incorrectly does not escape ..." is not quite right.

Which means that you're on the hook for sanitizing it yourself. You could even use Stack Overflow's HTML sanitizer if you wanted to.

Aaron Maenpaa