((p "If you are customized to use Markdown as your markup language, you can configure Zettelstore to support your decision." " " "Zettelstore supports the " (a (@ (href . "00001008010500")) "CommonMark") " dialect of Markdown.") (h2 (@ (id . "use-markdown-as-the-default-markup-language-of-zettelstore")) "Use Markdown as the default markup language of Zettelstore") (p "Update the " (a (@ (href . "00000000090001")) "New Zettel") " template (and other relevant template zettel) by setting the syntax value to " (kbd "md") " or " (kbd "markdown") "." " " "Whether to use " (kbd "md") " or " (kbd "markdown") " is not just a matter to taste." " " "It also depends on the value of " (a (@ (href . "00001004020000#zettel-file-syntax")) (kbd "zettel-file-syntax")) " and, to some degree, on the value of " (a (@ (href . "00001004020000#yaml-header")) (kbd "yaml-header")) ".") (p "If you set " (kbd "yaml-header") " to true, then new content is always stored in a file with the extension " (kbd ".zettel") ".") (p "Otherwise " (kbd "zettel-file-syntax") " lists all syntax values, where its content should be stored in a file with the extension " (kbd ".zettel") ".") (p "If neither " (kbd "yaml-header") " nor " (kbd "zettel-file-syntax") " is set, new content is stored in a file where its file name extension is the same as the syntax value of that zettel." " " "In this case it makes a difference, whether you specify " (kbd "md") " or " (kbd "markdown") "." " " "If you specify the syntax " (kbd "md") ", your content will be stored in a file with the " (kbd ".md") " extension." " " "Similar for the syntax " (kbd "markdown") ".") (p "If you want to process the files that store the zettel content, e.g. with some other Markdown tools, this may be important." " " "Not every Markdown tool allows both file extensions.") (p "BTW, metadata is stored in a file without a file extension, if neither " (kbd "yaml-header") " nor " (kbd "zettel-file-syntax") " is set.") (h2 (@ (id . "security-aspects")) "Security aspects") (p "You should be aware that Markdown is a super-set of HTML." " " "The body of any HTML document is also a valid Markdown document." " " "If you write your own zettel, this is probably not a problem.") (p "However, if you receive zettel from others, you should be careful." " " "An attacker might include malicious HTML code in your zettel." " " "For example, HTML allows to embed JavaScript, a full-sized programming language that drives many web sites." " " "When a zettel is displayed, JavaScript code might be executed, sometimes with harmful results.") (p "By default, Zettelstore prohibits any HTML content." " " "If you want to relax this rule, you should take a look at the startup configuration key " (a (@ (href . "00001004010000#insecure-html")) (kbd "insecure-html")) ".") (p "Even if you have allowed HTML content, Zettelstore mitigates some of the security problems by ignoring suspicious text when it encodes a zettel as HTML." " " "Any HTML text that might contain the " (code "<script>") " tag or the " (code "<iframe>") " tag is ignored." " " "This may lead to unexpected results if you depend on these." " " "Other " (a (@ (href . "00001012920500")) "encodings") " may still contain the full HTML text.") (p "Any external client of Zettelstore, which does not use Zettelstore's " (a (@ (href . "00001012920510")) "HTML encoding") ", must be programmed to take care of malicious code."))