Markdown is a terrible language


Summary based on the YouTube transcript and episode description.

Theo (t3.gg) reviews Brock’s article, which argues that Markdown’s ambiguous syntax, inline HTML, and context-sensitive grammar make it not just unsuitable but dangerous for modern use.

  • Bold text alone has at least three valid CommonMark syntaxes; two entirely different source documents can produce identical rendered output.
  • A ReDoS CVE rated 6.9 exists in markdown-it: a run of asterisks inside a link drives the regex engine through 65,553 steps, enough to mount a denial of service.
  • Inline HTML forces every Markdown parser to also ship a full HTML parser, which directly expands the XSS attack surface.
  • Footnotes push Markdown from a context-free to a context-sensitive grammar, so rendering it requires a full compiler rather than a simple transliterator.
  • Jeff Atwood in 2012 publicly called Gruber’s original markdown.pl one of the worst small programs ever written, riddled with bugs.
  • Gruber’s MD5-based internal escaping, in which hashes stand in for tokens mid-parse and are substituted back at the end, led to a Reddit-wide XSS attack.
  • Brock’s proposed fix: a purpose-built markup language with a formal build system, no inline HTML, and compile-time hook support.
  • Theo warns that LLM agents universally output Markdown, and that new vibe-coded parsers are introducing a fresh wave of exploits.

2026-04-27 · Watch on YouTube