Hint 2
March 6, 2019 · View on GitHub
The previous attempt didn’t work. Sanitisation is enabled on the application as shown in the app.js file found in the main project directory:

Instead of using HTML tags, perhaps think about how you could add a script as part of mark down - remember that the vulnerability exists in the marked library.