Markdown
Markdown is an easy-to-use markup language used, for example, in GitHub READMEs
Markdown is a standard for text markup. It allows you to make text bold, italic, and in all kinds of different styles. It uses special characters around certain text to apply markup to it. Markdown is often used in text editors, for example in GitHub `README.md` files or Discord messages. The files are then converted to another format like HTML with CSS or PDF to actually show the

Here are the rules:
| Syntax | Description |
| ----------- | ----------- |
| Header | Title |
| Paragraph | Text |
```json
{
"firstName": "John",
"lastName": "Smith",
"age": 25
}
```
Strikethrough
~~strikethrough~~
- [x] Write the press release
- [ ] Update the website
- [ ] Contact the media
Emoji! 😀
Emoji! :grinning:
Markdown often gets compiled to HTML to be styled with CSS later. When converting something to HTML, you need to make sure attackers can't inject arbitrary HTML, like `<script>` tags. Another vector is a `javascript:` URL in a link, which executes JavaScript code when the link is clicked. You can find a lot of Markdown XSS payloads in the following list:
To fuzz for and create your own payloads, read the following article where they explore an idea for different nested parsers that can mutate into XSS:
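The two checks described above (escaping injected HTML and rejecting `javascript:` link destinations), as an added example that is not from the original page or from any particular Markdown library. The names `ALLOWED_SCHEMES`, `safeHref` and `renderLink` and the placeholder base URL are assumptions, and the destination is assumed to be the final value after the Markdown parser has decoded it.

```javascript
// Added example: output-side checks for a Markdown-to-HTML link renderer.
// Names (ALLOWED_SCHEMES, safeHref, renderLink) are hypothetical.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);
// Assumed base URL, only used so that relative links parse.
const BASE = "https://placeholder.invalid/";

// Escape text for use in HTML element content or a quoted attribute.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Return href unchanged if its scheme is allowlisted, otherwise null.
// The WHATWG URL parser normalises the scheme the way a browser does:
// case-insensitive, leading whitespace and embedded tabs/newlines removed.
function safeHref(href) {
  try {
    const url = new URL(href, BASE);
    return ALLOWED_SCHEMES.has(url.protocol) ? href : null;
  } catch {
    return null; // unparsable destination: do not emit a link
  }
}

// Render [text](href); a rejected destination degrades to escaped text.
function renderLink(text, href) {
  const label = escapeHtml(text);
  const checked = safeHref(href);
  if (checked === null) return label;
  return `<a href="${escapeHtml(checked)}" rel="noopener noreferrer">${label}</a>`;
}

// Constructed sample inputs (not taken from any payload list).
const samples = [
  ["docs", "/docs/intro"],
  ["site", "https://example.com/a?b=1&c=2"],
  ["click", "JaVaScRiPt:alert(1)"],
  ["click", "java\tscript:alert(1)"],
  ["<script>alert(1)</script>", "https://example.com/"],
];
for (const [text, href] of samples) console.log(renderLink(text, href));
```

An allowlist is used instead of a blocklist so that schemes such as `data:` or `vbscript:` are rejected without having to be enumerated.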