javascript - rails-Bootstrap-markdown gem not parsing to html on save

Question

I am using bootstrap-markdown to add a markdown editor to my page and save the content parsed to html in the database. The problem is that (although i believe it should) it does not save the html result but the raw text instead.

this is my code:

 <div class="well col-md-10 col-md-offset-1">
 <%= form_for(:post, :url => {:action => 'create'}) do |f| %>
    <%= f.text_field(:title, class: 'form-control')%>
    <%= f.text_field(:description, class: 'form-control')%>
    <%= f.text_area(:content, rows: 15, "data-provide" => "markdown")%>
    <%= f.button "Submit", type: 'submit', class: 'btn col-md-4 col-md-offset-4 btn-large btn-success' %>
<% end %>
</div>  

I have added the libraries as follows:

//= require jquery
//= require bootstrap-sprockets
//= require jquery_ujs
//= require turbolinks
//= require markdown.js
//= require to-markdown.js
//= require bootstrap-markdown-bundle
//= require_tree .


 *= require_tree .
 *= require_self
 *= require bootstrap-markdown

This is the html output:

<button class="btn col-md-4 col-md-offset-4 btn-large btn-success" name="button" type="submit">Submit</button>

Answer 1

...the primary purpose of this plugin is to provide Markdown editor

It was not intended to convert anything to HTML (conversion from/to HTML and Markdown is done by third party plugins which are included into that bundle). That is just Markdown editor, not HTML editor.

Reasons not to save HTML:

1) you can not output part of HTML without breaking layout (in case with not closed tags) or using third-party libs to fix those chunks;

2) if you edit Markdown with Markdown editor - use Markdown as source for editing, or one day you'll have problems converting everything to and from HTML and Markdown, which also causes data loss + not everything can be converted back (this note is written on to-markdown.js plugin site).

3) you need to prevent possible XSS-attacks, so you have to do extra work after storing HTML, because plugins will not save you from that (and storing vulnerable chunks of code is not good idea, cause you'll have to output that as raw html). Anyone can bypass your editor and send you insecure content, that will later be output on your site.

and so on and so forth...