Markdown support

[noraj]

It would be nice to have alternative Markdown support for findings fields rather than HTML. Using HTML or Markdown could be set up globally in the admin area.

Example of similar tool that has Markdown support: writehat

[yeln4ts]

The text has to be saved in HTML format so that it can be converted to OOXML when generating. Also not everything can be converted to OOXML right now (eg: tables). I don't see the necessity to handle both format when writing.
The only thing that I thought would be useful would be to have the option to convert some selected text from Markdown to HTML for people who take their notes in Markdown.

[noraj]

Markdown if meant to be transpilled as HTML and markdown renderers can accepts html tags and forwards them so sotring markdown would be backward compatible with vulns storing HTML. Generating the report would be Markdown -> HTML -> OOXML then. So in fact we can keep markdown only while being backward compatible.

As most pentesters use markdown, that github issues/comment are using markdown, HackerOne issue are using markdown, etc. having markdown here would facilitate a lot.

[noraj]

I take this as a "No" then 😆

[yeln4ts]

Yes sorry I didn't want to focus too much on this point since editing is already working good with HTML.

Since I could sense your disappointment 😛 I looked at it by curiosity with a fresh eye and I had disabled Input and Paste rules of the editor because of some markdown issues (I don't remember what). But since then I added some checks that could have resolved those issues. I did a quick test and it seems to be working correctly.

Can you check on your side (or anyone who would like to test for markdown) by commenting those 2 lines in frontend/src/components/editor.vue:

This will enable markdown only for handled items (the ones in the toolbar). If it works correctly I could reopen this issue as an enhancement and will add it in the User settings feature (which is not yet implemented)

[noraj]

This will enable markdown only for handled items (the ones in the toolbar).

ON PASTE It works only for bold, Strikethrough, italic and inline code. It doesn't work for lists, titles, code blocks, quotes even if they are on the toolbar.

When writing Everything in the toolbar works. Links are missing from the toolbar and so are not working.

I don't like much the render in place, is there an option to show the source (both for HTML or markdown)?

I also found some examples of Markdown editor with vue:

• https://vuejsexamples.com/a-cross-platform-markdown-text-editor/
• https://vuejsexamples.com/a-simple-example-of-a-markdown-editor-on-vue/
• https://vuejsexamples.com/a-simple-markdown-editor-with-vue-js/
• https://vuejsexamples.com/an-online-markdown-editor-built-with-vuejs/
• https://vuejsexamples.com/a-markdown-editor-component-for-vue-that-renders-in-place/
• https://vuejsexamples.com/a-vue-3-markdown-it-wrapper-plugin/
• https://vuejsexamples.com/example-markdown-editor-built-using-evwt/
• https://vuejsexamples.com/markdown-editor-built-on-vue/
• https://vuejsexamples.com/vue-markdown-editor-component-for-vue-js/
• https://vuejsexamples.com/the-vue-lib-for-markdown-it/
• https://vuejsexamples.com/markdown-editor-using-codemirror-and-previewer-using-showdown-for-vue-js/
• https://vuejsexamples.com/a-markdown-editor-based-on-vue-markdown-it/
• https://vuejsexamples.com/a-powerful-markdown-components-for-vue/
• https://vuejsexamples.com/a-vue-js-component-for-editing-and-previewing-markdown/

[yeln4ts]

Yes it seems there are some limitations when pasting when going through the tiptap issues.

As I find that it's working correctly using HTML and I like the customizability of tiptap I wont change the editor.

Feel free to explore tiptap customization capabilities and if you find a way to make it work flawlessly I will gladly add it to the project.

[noraj]

Even for HTML could you enable the link shortcut on the editor.

[yeln4ts]

Not yet as it should also be handled in the OOXML conversion.
The goal is that anything you have in the editor you can find it in your generated report.
I am currently reviewing a PR that handle links as a filter. If it works then it could be use in the HTML to OOXML function

[CarlesLlobet]

I'd love to have this feature too.

I (and I am sure many other folks around here) tend to work in Markdown (in either Outline/Notion/Sublime) due to many reasons:

• Ease of use: I find it easier and much more straightforward to document whilst I'm in the middle of an engagement
• Offline: sometimes I write/fine-tune my findings whilst traveling or offline, so it's straightforward to do so in markdown
• Compatibility: Although for clients it's great to have a report in doc/pdf, keeping the notes in Markdown format allows you simply paste the Markdown directly when its for a BugBounty / Github Issue, etc.

In my scenario, I wouldn't need the pwndoc itself to support markdown editing, but at least it'd be awesome to be able to copy a whole markdown (with all findings/evidence images/etc) and that it parsed all content (provided a specific format, ofc) to directly import to your pwndoc DB and generate a report.

Would something like this ("Import Markdown") be easier to implement than rather full markdown support which implies an editor change?