Markdown

Markdown is an easy-to-use markup language, used for example in GitHub README files.

Syntax

Markdown is a standard for text markup. It lets you make text bold, italic, and various other styles by placing special characters around the text you want to mark up. It is commonly used in text editors, GitHub README.md files and Discord messages. The Markdown source is then converted to another format, such as HTML styled with CSS, or PDF, to actually display it. Here are the rules:

| Element | Markdown Syntax |
| --- | --- |
| Heading | `# H1`<br>`## H2`<br>`### H3` |
| Bold | `**bold text**` |
| Italic | `*italicized text*` |
| Blockquote | `> blockquote` |
| Ordered List | `1. First item`<br>`2. Second item`<br>`3. Third item` |
| Unordered List | `- First item`<br>`- Second item`<br>`- Third item` |
| Code | `` `code` `` |
| Horizontal Rule | `---` |
| Link | `[title](https://www.example.com)` |
| Image | `![alt text](image.jpg)` |

Advanced Syntax

Table

```
| Syntax | Description |
| ----------- | ----------- |
| Header | Title |
| Paragraph | Text |
```

Fenced Code Block (the language tag after the opening backticks enables syntax highlighting)

````
```json
{
  "firstName": "John",
  "lastName": "Smith",
  "age": 25
}
```
````

Strikethrough

`~~strikethrough~~`

Task List

```
- [x] Write the press release
- [ ] Update the website
- [ ] Contact the media
```

Emoji

`:grinning:` renders as 😀 (shortcodes like this are supported on GitHub and Discord, but not by every Markdown renderer)

Markdown XSS

Markdown is usually compiled to HTML so it can be styled with CSS. Any converter that does this must make sure an attacker cannot inject arbitrary HTML, such as `<script>` tags, through the Markdown source. Links are a second vector: a `javascript:` URL as a link target executes JavaScript when the rendered link is clicked, so the converter also has to validate the URL scheme, not just escape the text. You can find many Markdown XSS payloads in the following list:

To fuzz for and build your own payloads, read the following article, which explores how different nested parsers can mutate input into XSS:
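The two injection points described in this section, as an added example that is not part of the original page: a minimal Markdown-to-HTML converter for the inline syntax from the cheat sheet above (bold, italic, code, links), written once with the classic bugs (`renderUnsafe`) and once hardened (`renderSafe`). The function names and the sample payloads are constructed for this example; they are not from any real Markdown library.

```javascript
// Added example, not code from the original page: a tiny Markdown-to-HTML
// converter for the inline syntax in the cheat sheet (bold, italic, code,
// links). renderUnsafe() has the two classic Markdown XSS bugs (raw HTML passes
// through, link targets are not checked); renderSafe() fixes both.
// All names here are hypothetical.

const INLINE_RULES = [
  [/\*\*([^*]+)\*\*/g, '<strong>$1</strong>'], // **bold**
  [/\*([^*]+)\*/g, '<em>$1</em>'],             // *italic*
  [/`([^`]+)`/g, '<code>$1</code>'],           // `code`
];

// [label](url); the url may contain one level of balanced parentheses,
// which is what lets a target like javascript:alert(1) be parsed at all.
const LINK_RULE = /\[([^\]]+)\]\(((?:[^()\s]|\([^()\s]*\))*)\)/g;

function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Scheme allowlist for link targets. Browsers ignore ASCII control characters
// and whitespace inside a scheme (java\tscript: still runs), so strip them
// before comparing; LINK_RULE rejects whitespace already, but the check must
// not depend on that. A URL with no scheme is relative and is allowed.
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']);
function isSafeUrl(url) {
  const normalized = url.replace(/[\x00-\x20\x7f]/g, '').toLowerCase();
  const m = /^([a-z][a-z0-9+.-]*):/.exec(normalized);
  return m === null || ALLOWED_SCHEMES.has(m[1]);
}

function applyInline(text, renderLink) {
  let out = text;
  for (const [re, replacement] of INLINE_RULES) out = out.replace(re, replacement);
  return out.replace(LINK_RULE, (_, label, url) => renderLink(label, url));
}

// Vulnerable: the source is copied into the output unescaped, so a literal
// <script> tag survives, and any URL ends up in href, javascript: included.
function renderUnsafe(markdown) {
  return applyInline(markdown, (label, url) => `<a href="${url}">${label}</a>`);
}

// Hardened: escape HTML-significant characters BEFORE applying markup, so the
// only tags in the output are the ones the converter emits, and drop links
// whose scheme is not allowlisted, keeping the label visible as plain text.
// Escaping first also neutralizes entity-encoded schemes such as
// javascript&#58;alert(1): the & becomes &amp;, so the browser never decodes
// it back into a colon and the href stays a harmless relative URL.
function renderSafe(markdown) {
  return applyInline(escapeHtml(markdown), (label, url) =>
    isSafeUrl(url) ? `<a href="${url}">${label}</a>` : `${label} (${url})`);
}

// Constructed payloads: the two classic ones plus obfuscation variants.
const PAYLOADS = [
  '<script>alert(1)</script>',
  '[click](javascript:alert(1))',
  '[click](JaVaScRiPt:alert(1))',
  '[click](javascript&#58;alert(1))',
  '[docs](https://example.com/?a=1&b=2) and **bold**',
];

for (const p of PAYLOADS) {
  console.log('unsafe:', renderUnsafe(p));
  console.log('safe:  ', renderSafe(p));
}
```

The order matters: escaping runs on the raw source before any markup rule, so nothing the attacker typed can become a tag or an attribute, and the URL check is an allowlist of schemes rather than a denylist of `javascript:` spellings, which is why case changes and control characters do not get past it.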
