rails-Bootstrap-markdown gem not parsing to html on save


Problem description

I am using bootstrap-markdown to add a markdown editor to my page and save the content parsed to html in the database. The problem is that (although I believe it should) it does not save the html result but the raw text instead.

Here is my code:

<div class="well col-md-10 col-md-offset-1">
  <%= form_for(:post, :url => {:action => 'create'}) do |f| %>
    <%= f.text_field(:title, class: 'form-control') %>
    <%= f.text_field(:description, class: 'form-control') %>
    <%= f.text_area(:content, rows: 15, "data-provide" => "markdown") %>
    <%= f.button "Submit", type: 'submit', class: 'btn col-md-4 col-md-offset-4 btn-large btn-success' %>
  <% end %>
</div>

I have added the following libraries:

//= require jquery
//= require bootstrap-sprockets
//= require jquery_ujs
//= require turbolinks
//= require markdown.js
//= require to-markdown.js
//= require bootstrap-markdown-bundle
//= require_tree .


 *= require_tree .
 *= require_self
 *= require bootstrap-markdown

This is the html output:

<button class="btn col-md-4 col-md-offset-4 btn-large btn-success" name="button" type="submit">Submit</button>

Recommended answer

...the primary purpose of this plugin is to provide Markdown editor

It was not intended to convert anything to HTML (conversion from/to HTML and Markdown is done by third-party plugins which are included in that bundle). That is just a Markdown editor, not an HTML editor.

Reasons not to save HTML:

1) you cannot output part of the HTML without breaking the layout (in the case of unclosed tags) or using third-party libs to fix those chunks;

2) if you edit Markdown with a Markdown editor, use Markdown as the source for editing, or one day you'll have problems converting everything to and from HTML and Markdown, which also causes data loss + not everything can be converted back (this note is written on the to-markdown.js plugin site).

3) you need to prevent possible XSS attacks, so you have to do extra work after storing HTML, because plugins will not save you from that (and storing vulnerable chunks of code is not a good idea, because you'll have to output that as raw html). Anyone can bypass your editor and send you insecure content that will later be output on your site.

And so on...
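
Points 2 and 3 of the answer as an added example (not code from the question, the answer or the bootstrap-markdown project): keep the raw Markdown in the database and produce HTML only at output time, escaping the input first so that content posted around the editor stays inert. `SafeMarkdown` is a hypothetical helper covering only headings, bold, emphasis and links; a real application would put a full Markdown library plus an HTML sanitizer in its place.

```ruby
require "cgi"

# Hypothetical helper (not part of bootstrap-markdown or Rails): renders a
# small Markdown subset to HTML at output time. The database column keeps the
# raw Markdown exactly as the form submitted it.
module SafeMarkdown
  ALLOWED_SCHEMES = %w[http https mailto].freeze
  # One pass over the text, so markup we emit is never re-scanned.
  INLINE = /\*\*(.+?)\*\*|\*(.+?)\*|\[([^\]]+)\]\(([^)\s]+)\)/

  def self.link(text, url)
    scheme = url[/\A([a-z][a-z0-9+.-]*):/i, 1]
    # Relative URLs (no scheme) and allowlisted schemes become links;
    # javascript:, data: and the like are dropped, keeping only the link text.
    return text unless scheme.nil? || ALLOWED_SCHEMES.include?(scheme.downcase)
    %(<a href="#{url}" rel="nofollow noopener">#{text}</a>)
  end

  # Runs on text that is ALREADY HTML-escaped, so any tag or quote a client
  # posted directly is inert before we add our own markup.
  def self.inline(escaped)
    escaped.gsub(INLINE) do
      if $1 then "<strong>#{$1}</strong>"
      elsif $2 then "<em>#{$2}</em>"
      else link($3, $4)
      end
    end
  end

  def self.render(markdown)
    markdown.to_s.split(/\n{2,}/).map do |block|
      escaped = CGI.escapeHTML(block.strip)
      if (m = escaped.match(/\A([#]{1,6})\s+(.+)\z/))
        "<h#{m[1].length}>#{inline(m[2])}</h#{m[1].length}>"
      else
        "<p>#{inline(escaped)}</p>"
      end
    end.join("\n")
  end
end

# Constructed sample: a body a client could POST as post[content] without
# ever loading the editor.
SAMPLE = "# Hello\n\n**bold** <script>alert(1)</script>\n\n" \
         "[x](javascript:alert) [ok](https://example.com/a)"
puts SafeMarkdown.render(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

In a view the result would be emitted with `raw` or `html_safe`, which is acceptable here only because every character of user input was escaped before any markup was added.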
