@bitquark reported a stored XSS vulnerability within GeoJSON rendering on render.github.com.

While exploitation of this vulnerability was limited to a sandboxed domain, we still took the threat seriously. We addressed the behavior by properly escaping user-controlled input.