Unintended HTML inclusion as a result of https://hackerone.com/reports/110578

Hi, I was just reading https://hackerone.com/reports/110578 and testing out the changes. I had previously noticed that the editor would take something like: [test](http://www.torontowebsitedeveloper.com "test ismap="yes"') and turn it into : <a title="test ismap="yes"' href="http://www.torontowebsitedeveloper.com">test</a> In other words, the code would recursively look at what should be the title string and use the first single or double quote, matching it to the last single or double quote, including all others within it as the actual " or ' as was noted in the report (I was actually looking at the git repo to try and see if there was any vulnerability in the recursive flow from an overflow perspective but couldn't find one...). Anyways, I noticed after the report, with your change, I can get some arbitrary html included in anchor tags now. Admittedly, I'm just starting out with all of this so I don't know yet how/if this could be exploited but now when I add the above [test](http://www.torontowebsitedeveloper.com "test ismap="alert xss" yyy="test"") It gets turned into: <a title="'test" ismap="alert xss" yyy="test" &#39; href="http://www.torontowebsitedeveloper.com">test</a> Two things to I would flag: 1. the single quote at the beginning of what should be title="test" and 2. I was able to add ismap= and yyy= as html attributes This reminded me of the yahoo mail xss injection recently disclosed so I thought I'd make you aware. If you don't agree it's a vulnerability, please let me close the issue. Thanks!