Please enable escapeHTML by default on the component, a Markdown component should always have escapedHTML.
While I personally loathe HTML in Markdown, it is considered legal and "valid", and has fairly obvious use cases. From a quick glance, it doesn't look like other markdown renderers are escaping by default, either. I will however consider changing this default for the next major version.
Thanks, This will be a much appreciated enhancement. 馃憤
The new release candidate for v3 escapes HTML by default. Please read this issue for more information. Please give it a go and let me know if you encounter issues.
Most helpful comment
While I personally loathe HTML in Markdown, it is considered legal and "valid", and has fairly obvious use cases. From a quick glance, it doesn't look like other markdown renderers are escaping by default, either. I will however consider changing this default for the next major version.