diff --git a/packages/app-cli/tests/md_to_html/sanitize_18.html b/packages/app-cli/tests/md_to_html/sanitize_18.html
new file mode 100644
index 000000000..6af03f009
--- /dev/null
+++ b/packages/app-cli/tests/md_to_html/sanitize_18.html
@@ -0,0 +1 @@
+xxxxx
\ No newline at end of file
diff --git a/packages/app-cli/tests/md_to_html/sanitize_18.md b/packages/app-cli/tests/md_to_html/sanitize_18.md
new file mode 100644
index 000000000..ef449f36a
--- /dev/null
+++ b/packages/app-cli/tests/md_to_html/sanitize_18.md
@@ -0,0 +1 @@
+[xxxxx](","a");top.require('child_process').exec('open /System/Applications/Calculator.app');// '