Document Workflow
Preview Markdown safely before publishing a README or article
Review Markdown structure, links, images, code, math, raw HTML, and the sanitized output before moving a README, technical note, or article into its publishing system.
Written and tested by SimpleWebUtilsPublished: Reviewed:
How this workflow was checked
This check paired the exact “Review a release note with a task list, table, and footnote” input with Markdown Preview & Sanitized HTML Converter. We followed “Remove private and environment-specific data”, captured the result after “Preview structure before appearance”, and compared it with the example while treating “Calling compatibility an exact rendering guarantee” and “Reviewing only the visual pane” as explicit boundary questions.
The preview contained one h1, disabled task boxes, a right-aligned table column, and a linked footnote; the final check also confirmed that no staging URL remained.
Problem
Markdown looks portable because the source is plain text, but renderers disagree on extensions and edge cases. GitHub, a documentation generator, a CMS, and an email editor can handle heading IDs, task inputs, tables, raw HTML, footnotes, math, and URL policies differently. A pasted document may also contain tracking images, private issue links, internal hostnames, tokens in code examples, or HTML that a destination rewrites. A local preview can expose many of these problems, but it cannot replace the destination's renderer, stylesheet, security policy, or final review.
Sources and standards
These authoritative references define the formats or security boundaries used in this workflow. Tool-specific verification is documented separately above.
- CommonMark Specification
CommonMark
When to use this
- A README or changelog contains tables, tasks, code fences, images, or footnotes that are hard to inspect as plain text.
- A technical article uses KaTeX math, definition lists, or collapsible details and needs a visual pass before publication.
- Markdown will be converted to HTML for a CMS, documentation site, knowledge base, or email workflow.
- A copied document may include remote images, raw HTML, private links, internal names, or sensitive example values.
Steps
- Step 1
Remove private and environment-specific data
Search the source for access tokens, cookies, email addresses, account IDs, internal hostnames, private repository links, customer names, and production log values. Replace them with deliberate examples before previewing or sharing. Local rendering reduces transmission, but the working copy, clipboard history, downloads, and eventual destination can still retain sensitive text.
- Step 2
Identify the destination's Markdown contract
Check whether the target uses GitHub Markdown, CommonMark, a static-site plugin set, a CMS parser, or pre-rendered HTML. Record the features that matter: table alignment, task states, heading anchors, code language names, footnotes, math delimiters, raw HTML, and relative paths. This preview supports many common features but is not GitHub's own renderer.
- Step 3
Preview structure before appearance
Load the document and verify one logical heading hierarchy, list nesting, table headers, link text, image alt text, code-fence closure, footnote references, and readable fallback text. Use Manual mode for a large document so repeated parsing does not interfere with editing. Treat syntax highlighting and typography as secondary to correct structure.
- Step 4
Make a deliberate remote-image decision
Leave remote images disabled during the first review. Relative paths and safe raster data images can still be inspected, while HTTP(S) image URLs are removed and reported. Enable remote images only when every host is trusted and contacting it is intended. Each enabled image can reveal an IP address, timing, user agent, and referrer-related metadata despite the no-referrer policy.
- Step 5
Inspect sanitization and the HTML fragment
Compare the rendered pane with the HTML output. Confirm that scripts, event handlers, iframes, embedded media, forms, active URL schemes, SVG data images, and arbitrary styles are absent. Safe details, tables, task checkboxes, links, and KaTeX markup may remain. Remember that the copied result is a content fragment, not a complete themed document.
- Step 6
Test in the real publishing system
Paste the original Markdown or exported HTML fragment into a draft, staging page, or disposable test entry in the destination. Recheck anchors, relative URLs, code styling, math assets, table overflow, dark mode, keyboard navigation, and mobile width. Review the final network requests and rendered DOM because the destination may add, remove, or rewrite markup after this tool's sanitization.
Example
Review a release note with a task list, table, and footnote
Input
# Version 2.4 release
- [x] Run automated tests
- [ ] Publish migration notes
| Area | Result |
| --- | ---: |
| Keyboard review | Pass |
| Mobile table | Check |
See the staging record.[^review]
[^review]: Replace this note with the public review date before publishing.Output
Confirm one h1, disabled task checkboxes, a header row, right-aligned result cells, a linked footnote, and no private staging URL. Then repeat the check in the destination renderer.Common mistakes
Calling compatibility an exact rendering guarantee
A successful local preview does not prove GitHub, a CMS, or a static-site generator will produce identical anchors, task markup, code classes, footnotes, or HTML filtering.
Using a tracking image as a harmless example
An image URL can contact an analytics endpoint as soon as a renderer loads it. Keep remote loading off until you have reviewed each host and removed query strings or identifiers that do not belong in the document.
Reviewing only the visual pane
A page can look correct while containing poor heading order, empty link text, missing alt text, unsafe destination URLs, or markup that the publishing system later strips. Inspect both structure and appearance.
Publishing the fragment without destination CSS
The HTML output does not carry a site's typography, code theme, responsive table rules, or complete KaTeX stylesheet. Test the fragment inside the actual layout rather than judging a raw file alone.
Assuming sanitization survives every later transform
A CMS plugin, template engine, or client-side component may reinterpret or augment HTML. Apply the destination's own sanitization and Content Security Policy, and inspect the final result.
FAQ
Can this prove that a README will look identical on GitHub?
No. It is a close review aid for common syntax. Use a branch, pull-request preview, or private test repository for the final GitHub-specific check.
Why are remote images blocked by default?
Loading an HTTP(S) image contacts another host and can disclose network and request metadata. Blocking prevents that request until you explicitly decide the host is appropriate.
Is the generated HTML safe to paste into any CMS?
No universal guarantee is possible. The output is sanitized under this tool's policy, but the destination can rewrite it and may enforce different allowed tags, attributes, URLs, and styles.
Why does exported HTML look plain in another page?
The export is a content fragment. Add the destination's typography, table, code-highlight, and KaTeX styles, then test responsive and dark-mode behavior there.
Should a large document stay in Live mode?
Use Manual mode when repeated rendering makes typing slow. The tool warns above 50,000 UTF-8 bytes and rejects input above 500,000 bytes or unusually large generated HTML.