03 / DEVELOPER
Markdown Preview
Render GitHub-flavored Markdown live in your browser. All HTML is sanitized so embedded scripts and unsafe attributes can't run.
Embedded HTML, scripts, iframes and javascript: URLs are stripped. Use Copy HTML to grab the rendered, safe markup.
How to use
- 1Type or paste GitHub-flavored Markdown into the left pane.
- 2The right pane renders sanitized HTML in real time — tables, fenced code, autolinks and task lists are all supported.
- 3Embedded HTML, scripts, iframes and javascript: links are stripped automatically.
- 4Use Copy HTML to export the safe markup, or Copy Markdown to grab your source.
Frequently asked questions
Why no syntax highlighting?
Quality syntax highlighters add 100–600 KB. We chose a lean experience by default; we may add an optional highlight bundle later.
Is the output really safe?
Two layers of defense: the Markdown engine never emits raw HTML, and DOMPurify strips anything dangerous from the result. Common XSS payloads are tested in our suite.
Are images supported?
Yes — image URLs render as expected. Note that javascript:, data:, and vbscript: URLs are blocked by sanitization.
Does this match GitHub exactly?
Close, but not bit-for-bit. We use marked with GFM extensions; small edge cases (HTML inside lists, autolinking heuristics) may differ.
Is anything sent to a server?
No. The Markdown library and sanitizer load lazily into your browser the first time you visit this tool, then run entirely offline.