After going through the supplied post on markdown, we felt concerned about potential XSS attacks because one can write regular html in markdown. (We do have multiple authors BTW.) We checked (locally) that it was possible to embed javascript in a post. It will run when you visit this post.