to markdown() does not sufficiently escape text content that looks like HTML. As a result, untrusted input that is safe in to html() can become raw HTML in Markdown output.

This is not specific to tokenizer raw-text states like <title>, <noscript>, or <plaintext>, although those states can trigger the behavior. The root cause is broader: Markdown text serialization leaves angle brackets unescaped in text nodes.

When converting a parsed document to Markdown, text nodes are escaped for a small set of Markdown metacharacters, but HTML-significant characters such as < and > are preserved. That means content parsed as text, including entity-decoded text or text produced by RCDATA/RAWTEXT-style parsing, can be emitted into Markdown as raw HTML.

Examples of affected input include:

This is distinct from actual <script> or <style> elements in the DOM. Those are already dropped by default in to markdown() unless html passthrough=True.

from justhtml import JustHTML

doc = JustHTML("<p>&lt;img src=x onerror=alert(1)&gt;</p>", fragment=True)

print(doc.to html())
print()
print(doc.to markdown())