Markdown

Markdown is an easy to use markup language used in the Github README for example

Syntax

Markdown is a standard for text markup. It allows you to make text bold, italic, and in all kinds of different styles. It uses special characters around certain text to apply markup to it. Often markdown is used in text editors like on GitHub README.md files or Discord messages. Then the files are converted to another language like HTML with CSS or PDF to actually show the Here are the rules:

Element

Markdown Syntax

Heading

# H1 ## H2 ### H3

Bold

**bold text**

Italic

*italicized text*

> blockquote

First item
Second item
Third item

1. First item 2. Second item 3. Third item

First item
Second item
Third item

- First item - Second item - Third item

code

`code`

---

Link

[title](https://www.example.com)

![alt text](image.jpg)

Advanced Syntax

| Syntax | Description | | ----------- | ----------- | | Header | Title | | Paragraph | Text |

{
  "firstName": "John",
  "lastName": "Smith",
  "age": 25
}

```json { "firstName": "John", "lastName": "Smith", "age": 25 } ```

~~Strikethrough~~

~~strikethrough~~

Checklist
Item 2
Item 3

- [x] Write the press release - [ ] Update the website - [ ] Contact the media

Emoji! 😀

Emoji! :grinning:

Markdown XSS

Markdown often gets compiled to HTML to be styled with CSS later. When converting something to HTML you need to make sure attackers can't inject arbitrary HTML, like <script> tags. Another idea is a javascript: URL in links so JavaScript code is executed when clicked. You can find a lot of Markdown XSS payloads in the following list:

To fuzz for and create your own payloads, read the following article where they explore an idea for different nested parsers that can mutate into XSS:

PreviousAssembly NextLaTeX

Last updated 2 years ago

hashtagSyntax

hashtagHeading

hashtagAdvanced Syntax

hashtagMarkdown XSS

Syntax

Heading

Advanced Syntax

Markdown XSS