Markdown a HTML
Renderiza Markdown a HTML sanitizado con vista previa en vivo para documentación
What is Markdown to HTML Conversion?
Markdown is a lightweight markup language created by John Gruber in 2004 that allows writers to format plain text using simple, intuitive syntax. Converting Markdown to HTML transforms this human-readable source into the structured markup that web browsers render. The conversion process parses heading markers, emphasis delimiters, link syntax, and block-level structures into their corresponding HTML elements. This tool performs the conversion entirely in your browser, producing clean, standards-compliant HTML output that you can use in websites, documentation systems, email templates, and content management platforms.
Markdown Syntax Fundamentals
Markdown provides a concise syntax for the most common formatting needs. Headings use hash characters
(# H1 through ###### H6), emphasis uses asterisks or underscores
(*italic*, **bold**), and links use the bracket-parenthesis pattern
([text](url)). Code spans use backticks (`code`) while fenced code
blocks use triple backticks with an optional language identifier for syntax highlighting.
Lists begin with -, *, or + for unordered items, and
numbers followed by a period for ordered items. Blockquotes prefix lines with >,
and horizontal rules use three or more hyphens, asterisks, or underscores on a line. Images follow
the link syntax with an exclamation prefix: . These primitives
cover the vast majority of formatting requirements for technical documentation, blog posts, and
README files.
The CommonMark Specification
The original Markdown description left many edge cases undefined, leading to incompatible implementations that rendered identical input differently. CommonMark was created in 2014 as a rigorous specification that removes ambiguity from the language. It defines precise rules for paragraph breaks, list item nesting, emphasis delimiter parsing, and how different block-level constructs interact when combined.
CommonMark ensures that a document produces identical HTML output regardless of which compliant parser processes it. The specification includes over 600 examples that serve as a conformance test suite. Major platforms including GitHub, GitLab, Reddit, Stack Overflow, and Swift use CommonMark-based parsers. When choosing a Markdown library, verifying CommonMark compliance guarantees predictable behavior across environments and eliminates rendering surprises when content moves between systems.
HTML Sanitization and XSS Prevention
Markdown allows inline HTML by design, which introduces a critical security concern: cross-site
scripting (XSS) attacks. A malicious user could embed <script> tags,
javascript: URLs in links, or event handler attributes like onerror in
image tags. Any Markdown-to-HTML pipeline that accepts user-generated content must sanitize the
output before rendering it in a browser.
Sanitization strategies include allowlisting safe HTML elements and attributes, stripping all raw
HTML entirely, or escaping dangerous characters. A robust sanitizer permits structural tags like
<table>, <details>, and <kbd> while
removing script injection vectors. Libraries such as DOMPurify perform this filtering on the client
side using the browser's own DOM parser, ensuring that even novel attack vectors are neutralized.
This tool escapes raw HTML in the Markdown source to produce safe output by default.
Extended Markdown Features (GFM and Beyond)
GitHub Flavored Markdown (GFM) extends CommonMark with features commonly needed in software
development. Tables use pipe characters to separate columns and hyphens for the header delimiter
row. Strikethrough wraps text in double tildes (~~deleted~~). Task lists use
- [ ] and - [x] for unchecked and checked items respectively.
Autolinked URLs become clickable without explicit link syntax.
Other popular extensions include footnotes ([^1] with a matching definition),
definition lists, mathematical expressions via LaTeX syntax, and admonition blocks for callouts
like warnings and tips. When converting extended Markdown, verify that your target renderer
supports the same extensions, or the raw syntax will appear as literal text in the output. This
tool supports standard CommonMark syntax and produces predictable HTML regardless of extension
availability in downstream systems.
Use Cases for Markdown to HTML Conversion
Documentation pipelines convert Markdown source files into HTML for static site generators like Astro, Jekyll, Hugo, and Docusaurus. Blog platforms store posts as Markdown for version control and portability, then render HTML at build time or on request. README files on GitHub and npm registries are Markdown that gets converted to HTML for display in the browser.
Email template workflows compose content in Markdown for readability, then convert to HTML with inline styles for email client compatibility. Knowledge bases and wikis use Markdown as their editing format because it is faster to write than raw HTML and produces consistent, accessible markup. Developers also convert Markdown to HTML when migrating content between platforms, testing rendering output during documentation reviews, or generating HTML snippets for embedding in applications that do not natively support Markdown rendering.
Code Examples
Converting Markdown to HTML with a CommonMark parser
// Example: converting Markdown source to HTML
const markdown = `# Getting Started
This is a **bold** statement with an [inline link](https://example.com).
- Item one
- Item two
- Item three
\`\`\`javascript
const greeting = "Hello, world!";
console.log(greeting);
\`\`\`
`;
// Using a CommonMark-compliant parser (e.g., markdown-it)
import MarkdownIt from 'markdown-it';
const md = new MarkdownIt({ html: false, linkify: true });
const html = md.render(markdown);
console.log(html);Output:
<h1>Getting Started</h1>
<p>This is a <strong>bold</strong> statement with an <a href="https://example.com">inline link</a>.</p>
<ul>
<li>Item one</li>
<li>Item two</li>
<li>Item three</li>
</ul>
<pre><code class="language-javascript">const greeting = "Hello, world!";
console.log(greeting);
</code></pre>Sanitizing Markdown HTML output to prevent XSS
import DOMPurify from 'dompurify';
// Untrusted Markdown might contain malicious HTML
const unsafeHtml = '<img src=x onerror="alert(1)"><p>Safe content</p>';
// Sanitize: remove dangerous elements and attributes
const cleanHtml = DOMPurify.sanitize(unsafeHtml, {
ALLOWED_TAGS: ['p', 'strong', 'em', 'a', 'ul', 'ol', 'li',
'h1', 'h2', 'h3', 'code', 'pre', 'blockquote', 'img'],
ALLOWED_ATTR: ['href', 'src', 'alt', 'class']
});
console.log(cleanHtml);Output:
<img src="x"><p>Safe content</p>Standards & Specifications
- CommonMark Specification — The formal specification for Markdown parsing, ensuring consistent rendering across implementations
- GitHub Flavored Markdown Spec — Extension of CommonMark with tables, strikethrough, task lists, and autolinks
Preguntas Frecuentes
What Markdown features are supported?
Common Markdown syntax is supported, including headings, emphasis, lists, blockquotes, links, tables, code blocks, and inline code.
Is raw HTML allowed in the input?
No. Raw HTML is disabled and the generated output is sanitized, which keeps the preview safe by default.
Can I preview the rendered HTML before copying it?
Yes. The page shows a live preview and the generated HTML source so you can inspect the result before reusing it.
Are links safe?
Yes. Links are sanitized and normalized so the preview does not quietly turn into a security problem wearing Markdown.