The recently patched XSS in CommonMark's Attributes extension offers an interesting look at what happens when two different features conflict, one being a security feature, the other a knowingly vulnerable extension... 🤓
https://securinglaravel.com/security-tip-what-can-we-learn-from-commonmarks-xss/#Laravel