Editing Markdown files in Preview
Box Preview enables you to edit Markdown (.md) files.
Box Preview’s Markdown editor is a native, cloud-based editor built directly into Box.
Whether you’re documenting technical specifications, creating agents.md files,
drafting structured notes, or managing knowledge bases, the Box Markdown editor enables
you to create and edit Markdown files without leaving Box.
While you edit a Markdown file in Box Preview, Box applies a lock to the file to prevent other
people from also editing the file.
Box Markdown editor is available to all Box users.
You can begin creating and editing Markdown files immediately upon accessing your Box account.
Creating a new Markdown file
To create a new Markdown file in any folder:
-
Navigate to the folder where you want to create the file.
-
Click the New+ button in the top-right corner of the folder view.
-
Select Markdown from the dropdown menu.
-
Enter the name for the Markdown file and click Create.
The Box Markdown editor opens in a new tab, ready for you to begin typing.
Choosing your view mode
Box Markdown editor provides three distinct working modes to match your preferred writing and reviewing style.
You can switch between modes at any time using the controls at the bottom of the editor toolbar.
-
Code view: Write and edit raw Markdown syntax directly. Ideal for precision, structural control, and experienced Markdown authors.
-
Preview mode: See a fully rendered output of your Markdown. Perfect for reviewing formatting and sharing polished content.
-
Split view: Write in code view on the left while seeing a live rendered preview on the right, simultaneously, in real time.
Split view is particularly useful when working with complex tables, headers, or nested lists, as it lets you catch formatting errors as you type without switching modes.
Editing Markdown files
To begin editing a Markdown file in Box Preview:
-
In your Box Files window, click the name of the file.
Box displays the file’s contents in Preview.
-
In the Preview window, click Edit.
Box displays the file’s contents in Markdown form, along with an editing menubar.
-
After editing the file, click Save.
Box displays the file’s new contents in Preview.
Editing HTML files in Box
Box provides a built-in HTML sandbox that renders your code alongside a raw text editor.
This feature enables you to view and edit agent-generated HTML directly within your account.
With this feature, you can:
-
View and edit all agent-generated HTML added to your account.
-
Execute inline scripts, event handlers, and inline styles safely within a secure sandbox.
-
Edit raw HTML code with automatic dirty tracking, saving, split-view, and resizing.
How the HTML sandbox works
To protect your account data, Box uses a native iframe sandbox as a security boundary.
This sandbox isolates the preview runtime from the rest of the application.
Creating and editing HTML files
To edit an HTML file in Box:
- Locate the HTML file in your account.
- Click the file to open it in the editor. Box automatically composes the raw editor and the HTML preview pane when the file type is HTML.
- In the left-hand pane, edit your HTML code. The preview pane on the right-hand side automatically rebuilds your preview after you stop typing.
Supported HTML elements and attributes
To ensure high fidelity while maintaining security, Box supports a curated list of HTML elements and attributes:
-
Inline styles and scripts: You can use inline styles and inline scripts. External stylesheets and external scripts are blocked by the security policy.
-
Event handlers: You can use common event handlers including onload, onclick, onerror, onchange, onsubmit, key events, mouseevents, onfocus, onblur, and oninput. Less common event handlers are dropped during sanitization.
-
Images and fonts: You can display images and fonts using data URIs. External network loads for images and fonts are blocked.
Link and navigation behavior
To prevent scripts from navigating away from the host tab or opening unauthorized windows, Box applies three layers of navigation mitigations:
-
Link-click interception: Box intercepts all link clicks within the preview. If you click a link that starts with a hash (#), Box manually scrolls to the target element. All other links, such as http, mailto, javascript, or relative links are suppressed.
-
Form submission blocking: The sandbox blocks all form submissions to prevent data exfiltration.
-
Window escape prevention: The sandbox blocks top-level navigation and popups, preventing scripts from changing the location of the parent window or opening new tabs.