@teestudio reported a reflected XSS vulnerability that existed in Gist’s search results view. Gist search results are syntax highlighted and properly escaped for file formats supported by our syntax highlighting library. However, for unsupported file formats, Gist rendered the file content as unescaped HTML. An attacker could therefore create a Gist containing HTML markup, and that markup was rendered as-is whenever the Gist appeared in a search result.

While exploitation of this vulnerability was prevented by our use of CSP, we still took the threat seriously. We addressed the behavior by properly escaping all search results.
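The following is an added illustration of the highlight-or-fallback pattern described above, not GitHub's own code: a constructed Ruby model in which the highlighter escapes its output but the fallback for unsupported formats does not, beside the corrected version that escapes on every path. The language table, file names and helper names are assumptions.

```ruby
require 'erb'

# Constructed stand-in for "formats supported by the highlighting library".
SUPPORTED_LANGUAGES = {
  'rb' => :ruby,
  'py' => :python
}.freeze

# Stand-in for the syntax highlighter: it escapes every token it emits,
# which is why the supported-format path was safe.
def highlight(source, _language)
  source.lines.map do |line|
    "<span class=\"line\">#{ERB::Util.html_escape(line.chomp)}</span>"
  end.join("\n")
end

def extension(filename)
  File.extname(filename).delete_prefix('.')
end

# Vulnerable shape: unsupported formats fall through to the raw content,
# so any markup stored in the Gist reaches the page unescaped.
def render_result_vulnerable(filename, content)
  lang = SUPPORTED_LANGUAGES[extension(filename)]
  body = lang ? highlight(content, lang) : content
  "<pre>#{body}</pre>"
end

# Fixed shape: the fallback is escaped as well, so there is no code path
# that emits user-supplied content verbatim.
def render_result_fixed(filename, content)
  lang = SUPPORTED_LANGUAGES[extension(filename)]
  body = lang ? highlight(content, lang) : ERB::Util.html_escape(content)
  "<pre>#{body}</pre>"
end

# Regression check for a test suite: user content containing '<' must never
# appear verbatim in the rendered output, whatever the file extension.
def escapes_user_content?(renderer, filename, content)
  rendered = send(renderer, filename, content)
  !rendered.include?(content)
end
```

The regression check is the kind of test that would have caught the gap: run it over one supported and one unsupported extension with a sample containing markup.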