Being able to have an inner look into this vulnerability, and being friends with some of the people who were leading the research into this vulnerability, it was interesting to take a look into it and understand how it worked at the time. I was able to view both the first and second revisions of the exploit, which were also applied to my own GitHub profile for testing, and during this, I also attempted to find a third revision after GitHub had patched the old one, but no luck in that area. The way GitHub remedied the first version was, albeit odd, but understandable. By disabling the unicode tag completely in MathJax, it immediately mitigated the XSS vulnerability which was discovered with that function. After this, people had discovered that there was another function which allowed for the injection of CSS styling through a poorly written styling method for the font selection, which allowed a user to escape the font-family field, and insert their own styles, which applied page-wide. The injections caused a massive influx of MySpace-esque page designs, the most notable one which I loved being from the person who originally discovered the exploit, cloud11665, with random images flying across the game, horifically tiled backgrounds, and gif's galore. If GitHub were to make this an actual feature on the site, I'm sure it would be greatly appreciated by developers worldwide, but knowing them, they'd bundle it into GitHub Pro.