Good day
I have found a cross site scripting vulnerability in your editor. See the image below.
If I open a markdown file that exploits this vulnerability with the editor, it would execute any JavaScript code.
I would suggest that the attribute "onerror" in the tags below be ignored to prevent JavaScript execution.
1. <img>
2. <input type="image">
3. <object>
4. <link>
5. <script>
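The mitigation suggested in the report, as an added example that is not part of the original post or the editor's own code: it goes beyond `onerror` on the five listed tags and drops every `on*` event-handler attribute from rendered HTML, using Python's standard `html.parser`. The class and function names and the sample markup are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

class EventAttrStripper(HTMLParser):
    """Re-serialise HTML, dropping on* attributes; self.removed logs (tag, attr)."""
    RAW_TEXT = {"script", "style"}  # element content the parser passes through raw

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.removed, self._raw = [], [], False

    def _open(self, tag, attrs, close=""):
        parts = [tag]
        for name, value in attrs:  # HTMLParser has already lower-cased the names
            if name.startswith("on"):  # onerror, onload, onclick, ...
                self.removed.append((tag, name))
            elif value is None:
                parts.append(name)
            else:
                parts.append(f'{name}="{escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + close + ">")

    def handle_starttag(self, tag, attrs):
        self._raw = tag in self.RAW_TEXT
        self._open(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._open(tag, attrs, close=" /")

    def handle_endtag(self, tag):
        self._raw = False
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data if self._raw else escape(data, quote=False))

def strip_event_handlers(html):
    """Return (cleaned_html, removed_pairs); comments and doctypes are dropped."""
    parser = EventAttrStripper()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.removed

# Constructed sample; run() is a placeholder, not a real payload.
SAMPLE = ('<p>a &lt; b</p><img src="x.png" onerror="run()">'
          '<input type="image" src="x" ONERROR=run()>'
          '<object data="x" onerror="run()"></object>'
          '<link rel="stylesheet" href="x.css" onerror="run()">')
```

Removing handler attributes does not neutralise `<script>` elements or `javascript:` URLs, so a Markdown preview still needs an allow-list HTML sanitizer, with a filter like this as one layer of it.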
1 answer
q35jwt9p1#
Duplicate of #816