(zettel (meta (back "00001007000000 00001007040324 00001008000000 00001012920522") (backward "00001007000000 00001007040324 00001008000000 00001012920522") (box-number "1") (created "20210126175322") (forward "00000000090001 00001004010000 00001004020000 00001008010500 00001012920500 00001012920510") (modified "20221018115601") (published "20221018115601") (role "manual") (syntax "zmk") (tags "#manual #markdown #zettelstore") (title "Use Markdown within Zettelstore")) (rights 4) (encoding "") (content "If you are customized to use Markdown as your markup language, you can configure Zettelstore to support your decision.\nZettelstore supports the [[CommonMark|00001008010500]] dialect of Markdown.\n\n=== Use Markdown as the default markup language of Zettelstore\n\nUpdate the [[New Zettel|00000000090001]] template (and other relevant template zettel) by setting the syntax value to ''md'' or ''markdown''.\nWhether to use ''md'' or ''markdown'' is not just a matter to taste.\nIt also depends on the value of [[''zettel-file-syntax''|00001004020000#zettel-file-syntax]] and, to some degree, on the value of [[''yaml-header''|00001004020000#yaml-header]].\n\nIf you set ''yaml-header'' to true, then new content is always stored in a file with the extension ''.zettel''.\n\nOtherwise ''zettel-file-syntax'' lists all syntax values, where its content should be stored in a file with the extension ''.zettel''.\n\nIf neither ''yaml-header'' nor ''zettel-file-syntax'' is set, new content is stored in a file where its file name extension is the same as the syntax value of that zettel.\nIn this case it makes a difference, whether you specify ''md'' or ''markdown''.\nIf you specify the syntax ''md'', your content will be stored in a file with the ''.md'' extension.\nSimilar for the syntax ''markdown''.\n\nIf you want to process the files that store the zettel content, e.g. with some other Markdown tools, this may be important.\nNot every Markdown tool allows both file extensions.\n\nBTW, metadata is stored in a file without a file extension, if neither ''yaml-header'' nor ''zettel-file-syntax'' is set.\n\n=== Security aspects\n\nYou should be aware that Markdown is a super-set of HTML.\nThe body of any HTML document is also a valid Markdown document.\nIf you write your own zettel, this is probably not a problem.\n\nHowever, if you receive zettel from others, you should be careful.\nAn attacker might include malicious HTML code in your zettel.\nFor example, HTML allows to embed JavaScript, a full-sized programming language that drives many web sites.\nWhen a zettel is displayed, JavaScript code might be executed, sometimes with harmful results.\n\nBy default, Zettelstore prohibits any HTML content.\nIf you want to relax this rule, you should take a look at the startup configuration key [[''insecure-html''|00001004010000#insecure-html]].\n\nEven if you have allowed HTML content, Zettelstore mitigates some of the security problems by ignoring suspicious text when it encodes a zettel as HTML.\nAny HTML text that might contain the ``<script>`` tag or the ``<iframe>`` tag is ignored.\nThis may lead to unexpected results if you depend on these.\nOther [[encodings|00001012920500]] may still contain the full HTML text.\n\nAny external client of Zettelstore, which does not use Zettelstore's [[HTML encoding|00001012920510]], must be programmed to take care of malicious code."))