Use Markdown within Zettelstore
If you prefer Markdown as your markup language, you can configure Zettelstore accordingly. Zettelstore supports the CommonMark dialect of Markdown, as well as an extended dialect, Extended CommonMark.
The syntax metadata of a zettel determines which Markdown dialect is used:
- “commonmark”, “cmark”
Uses the CommonMark dialect.
- “emark”
Uses the Extended CommonMark dialect.
- “markdown”, “md”
The value of the markdown-dialect configuration setting determines whether CommonMark or Extended CommonMark is used.
Use Markdown as the default markup language of Zettelstore
Update the New Zettel template (and other relevant template zettel) by setting the syntax value to “md”, “markdown”, “commonmark”, “cmark”, “emark”. Whether to use “md” or “markdown” is not just a matter of taste. The same applies for “commonmark” / “cmark”. It also depends on the value of zettel-file-syntax and, to some extent, on the value of yaml-header.
If you set yaml-header to true, then new content is always stored in a file with the extension .zettel.
Otherwise zettel-file-syntax lists all syntax values, where its content should be stored in a file with the extension .zettel.
If neither yaml-header nor zettel-file-syntax is set, new content is stored in a file whose filename extension matches the zettel's syntax metadata value. In this case, it makes a difference whether you specify “md” or “markdown”, and likewise whether you specify “commonmark” or “cmark”. If you specify the syntax metadata value “md”, your content is stored in a file with the .md extension. The same applies to the values “markdown”, “commonmark”, “cmark”, and “emark”.
If you want to process the files that store the zettel content, e.g. with some other Markdown tools, this may be important. Not every Markdown tool allows both file extensions.
BTW, metadata is stored in a file without a file extension, if neither yaml-header nor zettel-file-syntax is set.
Security aspects
You should be aware that Markdown is a super-set of HTML. The body of any HTML document is also a valid Markdown document. If you write your own zettel, this is probably not a problem.
However, if you receive zettel from others, you should be careful. An attacker might include malicious HTML code in your zettel. For example, HTML allows embedding JavaScript, a full-featured programming language that drives many websites. When a zettel is displayed, JavaScript code might be executed, sometimes with harmful results.
By default, Zettelstore prohibits any HTML content. If you want to relax this rule, you should take a look at the startup configuration key insecure-html.
Even if you have allowed HTML content, Zettelstore mitigates some of the security problems by ignoring suspicious text when it encodes a zettel as HTML. Any HTML text that might contain the <script> tag or the <iframe> tag is ignored. This may lead to unexpected results if you depend on these. Other encodings may still contain the full HTML text.
Any external client of Zettelstore, which does not use Zettelstore's HTML encoding, must be programmed to take care of malicious code.