4

I'm using Redcarpet as a Markdown renderer and I would like to be able to display html or any text with < and > without it to be parsed.

Here is an illustration of what should happen:

The user types 

I *want* to write <code>

The source of this comment when sent back by the server should be

I <em>want</em> to write &lt;code&gt;

Problem is since the renderer outputs escaped html when parsing the Markdown, I get:

I &lt;em&gt;want&lt;/em&gt; to write &lt;code&gt;

Therefore I can't distinguish between the html that people send to the server and the html that is generated by the Redcarpet renderer. If I do a .html_safe on this, my markdown will be interpreted but the user-inputted html too, which shouldn't.

Any idea on how to fix this? Note that the idea would be to display (but not parse) user-inputted html even if the user didn't use the backticks ` as expected with markdown.

Here is the relevant bit of code : 

# this is our markdown helper used in our views
def markdown(text, options=nil)
    options = [:no_intra_emphasis => true, ...]

    renderer = MarkdownRenderer.new(:filter_html => false, ...)

    markdown = Redcarpet::Markdown.new(renderer, *options)
    markdown.render(text).html_safe
end
4

1 回答 1

1

如果我理解正确,您只需要<code>普通文本而不是 HTML 元素。

为此,您需要使用反斜杠转义<and :>

I *want* to write \<code\>
于 2014-07-20T14:39:22.577 回答