Information from Yuki Hattori

Marp v0.0.10 or earlier have this vulnerability. Please refer below GitHub issue for more details:
https://github.com/yhatt/marp/issues/187

In v0.0.11, we have disabled accessing local resources from JavaScript. This behavior would relax reported vulnerable.

Markdown slides using external JavaScript library on web would continue to work. (e.g. drawing charts)
To avoid unexpected web accessing to external resource by JavaScript, please be careful below.

- Don't use script tag and iframe tag in Markdown
- Don't open attached Markdown on not-trusted mail
- Don't open downloaded/copied Markdown from the suspicious site