Discourse: XSS Vulnerability on Image link parser

I found a XSS Cross-Site Scripting vulnerability, and it is present in the markdown parser when it tries to parse an image URL. To reproduce the vulnerability you need to add a fake image url like: http://host/path/to/image'onerror=alert1;//.png As you can see, we have an invalid image URL which...