Markdown is a terrible language

TL;DR

Markdown's minimal design has been stretched far beyond its original purpose, creating ambiguous syntax, security vulnerabilities, and parsing nightmares that make it unsuitable for modern use.

Key Points

• 1.Markdown has multiple conflicting syntaxes for the same output. Bold alone can be written as double stars, double underscores, or HTML B tags — and that's just CommonMark; non-compliant implementations add even more variants.
• 2.Ambiguous nested syntax creates real security vulnerabilities. A class of parser exploits called ReDoS (Regular Expression Denial of Service) affects Markdown parsers — one CVE scored 6.9 severity where a string of stars in a link takes 65,553 processing steps, enabling denial-of-service attacks.
• 3.Inline HTML turns Markdown into an attack surface. Every inline HTML allowance expands the attack surface for cross-site scripting; Reddit was once hit with a XSS exploit that bypassed filters due to Markdown's MD5 hash-based escaping mechanism.
• 4.Markdown's grammar is context-sensitive, not context-free. Footnotes and reference-style links require global definition resolution — a token's meaning depends on declarations elsewhere in the document, breaking purely context-free parsing assumptions and forcing a full compiler instead of a simple transliterator.
• 5.Markdown is the C++ of markup languages — everything has two ways of being done. Two heading syntaxes, two bold/italic syntaxes, two horizontal rule syntaxes, and an ordered list that ignores numbering all contribute to a bloated, legacy-laden specification.
• 6.The author argues Markdown needs a proper build system, not patches. A sane solution would use an unambiguous syntax, well-defined shortcodes, compile-time hooks, and no inline HTML — rather than the current 'Frankenstein's monster' that fails as both a markup and programming language.
• 7.Jeff Atwood publicly begged John Gruber to fix or hand off Markdown back in 2012. Gruber's original markdown.pl was called 'one of the worst small programs ever read' — riddled with bugs and regex spaghetti — yet many implementations still replicate its errors today.