Comment by rmunn
1 day ago
"An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files."
I didn't even know Notepad would render Markdown.
Notepad rendering other formats removes one of the specific reasons I use notepad: to strip the stupid formatting that all sorts of applications seem to want to attach to text these days.
Notepad handily strips away all the custom link namings and formats that totally fuck the expected output of a simple copy and paste. That's a big part of the its magic: it's immunity to the choices of marketing teams and dud management.
I don’t know if it works for windows but on other operating systems if you hold shift while pasting it strips the special formatting. I don’t have a windows machine readily available but I hope even if it doesn’t work there this will be useful to other people reading the comment. I agree though. Basically the only format I ever want to keep is _sometimes_ the link with text. And even then usually not the exact coloring/indicators.
You can still do this in W11 notepad. Firstly, there's a global setting for having formatting/markdown being enabled at all, and secondly it only does the rendering for .md files. Finally, while formatting is enabled, and editting a markdown file, you have the option to toggle between formatted and "syntax" view (ie raw text).
Windows now has buttons in win-v (the clipboard helper popup) for this
Torture will continue until morale improves
I think it's very recent, I use it almost daily and only last week did I see a markdown file being rendered.
These kind of surprises are the reason why we should switch off auto update on every software.