Use Markdown within Zettelstore

00001008010000 · Info · (manual) · #manual #markdown #zettelstore

If you are customized to use Markdown as your markup language, you can configure Zettelstore to support your decision. Zettelstore supports CommonMark➚, an attempt➚ to unify all the different, divergent dialects of Markdown.

Use Markdown as the default markup language of Zettelstore

Add the key default-syntax with a value of md or markdown to the configuration zettel. Whether to use md or markdown is not just a matter to taste. It also depends on the value of zettel-file-syntax and, to some degree, on the value of yaml-header.

If you set yaml-header to true, then new content is always stored in a file with the extension .zettel.

Otherwise zettel-file-syntax lists all syntax values, where its content should be stored in a file with the extension .zettel.

If neither yaml-header nor zettel-file-syntax is set, new content is stored in a file where its file name extension is the same as the syntax value of that zettel. In this case it makes a difference, whether you specify md or markdown. If you specify the syntax md, your content will be stored in a file with the .md extension. Similar for the syntax markdown.

If you want to process the files that store the zettel content, e.g. with some other Markdown tools, this may be important. Not every Markdown tool allows both file extensions.

BTW, metadata is stored in a file with the extension .meta, if neither yaml-header nor zettel-file-syntax is set.

Security aspects

You should be aware that Markdown is a superset of HTML. Any HTML code is valid Markdown code. If you write your own zettel, this is probably not a problem.

However, if you receive zettel from others, you should be careful. An attacker might include malicious HTML code in your zettel. For example, HTML allows to embed JavaScript, a full-sized programming language that drives many web sites. When a zettel is displayed, JavaScript code might be executed, sometimes with harmful results.

Zettelstore mitigates this problem by ignoring suspicious text when it encodes a zettel as HTML. Any HTML text that might contain the <script> tag or the <iframe> tag is ignored. This may lead to unexpected results if you depend on these. Other encodings may still contain the full HTML text.

Any external client of Zettelstore, which does not use Zettelstore's HTML encoding, must be programmed to take care of malicious code.