# MarkdownToRichText

## Parameters

The following URL, Headers and Parameters are required for requests to this API endpoint. Where a parameter is optional, it will be indicated. Otherwise treat all parameters as mandatory.

### Headers

```
POST /api/ss/utils/markdown-to-richtext HTTP/1.1
Host: demo.attackforge.com
X-SSAPI-KEY: APIKey
Content-Type: application/json
Connection: close
```

### Body

**custom\_key (string)**

A user-supplied custom key with a markdown string supplied as the value. Multiple custom key/value pairs can be included within the object.

Example:

```
{
   "vuln_recommendation": "Proper validation, file type restrictions, size limits, and permission controls are essential to mitigate this vulnerability.\n\nAt this time the only check of file validity seems to be if it ends in '.jpg' (or other image type) and this is easy for an attacker to bypass.\n\nHere are some examples of other validation checks that could be used:\n\n### Validate file MIME type and content (magic bytes):\nCheck the actual file content and signature, not just the extension or the Content-Type header, which can be spoofed.\n\n### Sanitize and validate filenames:\nEnsure filenames do not contain special or dangerous characters (e.g., ../, %00, /, ) to prevent path traversal and overwrite attacks. Set a filename length limit and restrict allowed characters to alphanumeric if possible.\n\n### Rename uploaded files:\nAssign unique, random, or hashed names to uploaded files to prevent overwriting existing files and to obscure file paths from attackers.\n\n### Do not trust client-side validation:\nAlways perform all validation checks server-side, as client-side controls can be bypassed.\n\n\nSee:\nhttps://docs.guidewire.com/security/secure-coding-guidance/file-upload-vulnerabilities/"
}
```

## Example

The following example is a cURL request to convert a custom value from markdown to rich text.

### Request

Include API Token instead of stars in 'X-SSAPI-KEY: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*' parameter.

```
curl -X POST 'https://demo.attackforge.com/api/ss/utils/markdown-to-richtext' -H 'Host: demo.attackforge.com' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close' -d '{
  "vuln_recommendation": "Proper validation, file type restrictions, size limits, and permission controls are essential to mitigate this vulnerability.\n\nAt this time the only check of file validity seems to be if it ends in '.jpg' (or other image type) and this is easy for an attacker to bypass.\n\nHere are some examples of other validation checks that could be used:\n\n### Validate file MIME type and content (magic bytes):\nCheck the actual file content and signature, not just the extension or the Content-Type header, which can be spoofed.\n\n### Sanitize and validate filenames:\nEnsure filenames do not contain special or dangerous characters (e.g., ../, %00, /, ) to prevent path traversal and overwrite attacks. Set a filename length limit and restrict allowed characters to alphanumeric if possible.\n\n### Rename uploaded files:\nAssign unique, random, or hashed names to uploaded files to prevent overwriting existing files and to obscure file paths from attackers.\n\n### Do not trust client-side validation:\nAlways perform all validation checks server-side, as client-side controls can be bypassed.\n\n\nSee:\nhttps://docs.guidewire.com/security/secure-coding-guidance/file-upload-vulnerabilities/"
}'
```

### Response

Response contains a rich text object.

```
{
   "vuln_recommendation": "<p>Proper validation, file type restrictions, size limits, and permission controls are essential to mitigate this vulnerability.</p><p>At this time the only check of file validity seems to be if it ends in '.jpg' (or other image type) and this is easy for an attacker to bypass.</p><p>Here are some examples of other validation checks that could be used:</p><h3>Validate file MIME type and content (magic bytes):</h3><p>Check the actual file content and signature, not just the extension or the Content-Type header, which can be spoofed.</p><h3>Sanitize and validate filenames:</h3><p>Ensure filenames do not contain special or dangerous characters (e.g., ../, %00, /, ) to prevent path traversal and overwrite attacks. Set a filename length limit and restrict allowed characters to alphanumeric if possible.</p><h3>Rename uploaded files:</h3><p>Assign unique, random, or hashed names to uploaded files to prevent overwriting existing files and to obscure file paths from attackers.</p><h3>Do not trust client-side validation:</h3><p>Always perform all validation checks server-side, as client-side controls can be bypassed.</p><p>See:<a href=\"https://docs.guidewire.com/security/secure-coding-guidance/file-upload-vulnerabilities/\">https://docs.guidewire.com/security/secure-coding-guidance/file-upload-vulnerabilities/</a></p>"
}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/markdowntorichtext.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.