Markdown
Markdown is an easy to use markup language used in the Github README for example
Markdown is a standard for text markup. It lets you make text bold, italic, and many other styles by placing special characters around the text you want to mark up. Markdown is often used in text editors, for example in GitHub README.md files or Discord messages. The files are then converted to another format such as HTML (styled with CSS) or PDF to actually show the formatted result.

Because Markdown is so often compiled to HTML, the converter must make sure attackers can't inject arbitrary HTML, such as `<script>` tags. Another idea is a `javascript:` URL in a link, so that JavaScript code is executed when the link is clicked. You can find a lot of Markdown XSS payloads in the following list:

To fuzz for and create your own payloads, read the following article, where they explore the idea of different nested parsers that can mutate into XSS:

Here are the rules:
Element | Markdown Syntax |
---|---|
Heading | `# H1`, `## H2`, `### H3` |
Bold | `**bold text**` |
Italic | `*italicized text*` |
Blockquote | `> blockquote` |
Ordered list | `1. First item`, `2. Second item`, `3. Third item` (one per line) |
Unordered list | `- First item`, `- Second item`, `- Third item` (one per line) |
Code | `` `code` `` |
Horizontal rule | `---` |
Link | `[title](https://www.example.com)` |
Image | `![alt text](image.jpg)` |
Strikethrough | `~~strikethrough~~` |
Task list | `- [x] Write the press release`, `- [ ] Update the website`, `- [ ] Contact the media` (one per line) |
Emoji! 😀 | `Emoji! :grinning:` |

Tables and fenced code blocks span multiple lines:

````markdown
| Syntax | Description |
| ----------- | ----------- |
| Header | Title |
| Paragraph | Text |

```json
{
  "firstName": "John",
  "lastName": "Smith",
  "age": 25
}
```
````
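As an added example for the injection concerns described above (not code from the original page), here is a deliberately minimal inline-Markdown renderer in JavaScript that escapes any raw HTML and allow-lists link schemes so a `javascript:` destination never reaches an `href`; the function names and the scheme list are my own choices.

```javascript
// Added example, not code from the original page: a deliberately minimal
// Markdown-to-HTML renderer for inline elements (links, bold, italic, code).
// It shows the two checks the text above calls for: raw HTML in the input is
// escaped instead of passed through, and link destinations must use an
// allow-listed scheme, so a `javascript:` URL never ends up in an href.
const SAFE_SCHEMES = ["http", "https", "mailto"];

function escapeHtml(text) {
  return text
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;");
}

// A destination is safe if it is relative (no scheme) or its scheme is
// allow-listed. Control characters are stripped first because some parsers
// tolerate "java\tscript:" and would otherwise slip past a naive prefix check.
function isSafeUrl(url) {
  const cleaned = url.replace(/[\u0000-\u0020]/g, "");
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  return m === null || SAFE_SCHEMES.includes(m[1].toLowerCase());
}

// Render one line of Markdown. Everything that is not a recognised construct
// is emitted as escaped text, so "<script>" becomes "&lt;script&gt;".
function renderInline(md) {
  const re = /\[([^\]]*)\]\(([^)\s]*)\)|\*\*([^*]+)\*\*|\*([^*]+)\*|`([^`]+)`/g;
  let out = "";
  let last = 0;
  let m;
  while ((m = re.exec(md)) !== null) {
    out += escapeHtml(md.slice(last, m.index));
    if (m[1] !== undefined) {
      // Link: keep the text but drop the anchor entirely if the URL is unsafe.
      const text = escapeHtml(m[1]);
      out += isSafeUrl(m[2]) ? `<a href="${escapeHtml(m[2])}">${text}</a>` : text;
    } else if (m[3] !== undefined) {
      out += `<strong>${escapeHtml(m[3])}</strong>`;
    } else if (m[4] !== undefined) {
      out += `<em>${escapeHtml(m[4])}</em>`;
    } else {
      out += `<code>${escapeHtml(m[5])}</code>`;
    }
    last = m.index + m[0].length;
  }
  return out + escapeHtml(md.slice(last));
}
```

A real converter should apply the same scheme check to image sources and to any raw HTML it chooses to allow, and a sanitizer such as DOMPurify on the final HTML adds a second layer for parser edge cases.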