11

Why do I need a Markdown with a front edit editor like WMD? What does the markdown do to the content that’s sent from the WMD editor?
How does Markdown store the content in the backend? Is it the same way like *bold* or in some other format? Why can’t I just do an html encode?

Sorry if I sounded very naïve.

0

4 Answers 4

35

diagram

      

3
  • 1
    What diagramming tool was used to make that? ;)
    – Koobz
    Commented Feb 7, 2010 at 18:58
  • 1
    Plain PowerPoint 2007. It's funny how I'm increasing to use Word or PowerPoint to make photo reflections and fast pretty graphics. Commented Feb 8, 2010 at 11:22
  • Sometimes the problem with using Markdown is your users are really stupid and don't care that they can type in good ol' plain text. Your users are conditioned to being able to paste bad formatted, poorly styled, MS Word HTML into any kind of rectangular-shaped text input box. Your users are incompetent idiots that don't want to think when they want to emphasize text, they just want to click that giant B and slanted I and be done with it.
    – snicker
    Commented Feb 9, 2010 at 23:16
13
+100

It's probably helpful to take a step back and ask some of the larger questions. The issue Markdown is trying to solve is that of rich editing in the browser. Consider this: At some point, for any piece of software to enable rich text it has to describe the richness in a some manner, however that may be.

We could call that description of richness (by description of richness I mean like "this bit of text is bold" or "this bit of text is a hyperlink), we could call that description of richness "markup" -- it marks up the text with meta "richness".

Implementations of rich text can take on two approaches, either a.) hide the markup from the user or b.) let them have access to the markup.

For those who choose to hide it, the end result is very often WYSIWYG. The user is oblivious to what is happening behind the scenes. The editor takes care of the details. Think MS Word as an example. No one manipulates the Word markup format as a regular end user.

For implementations which choose to expose the markup, a markup language is then in order to allow users to interacat with it. Such markup languages would be things like HTML doing <tag> or BB code for example, doing things like [tag].

Markdown is one such of these languages.

As opposed to the former types I mentioned, Markdown has tried to design itself so that the markup renders common ASCII people already use. For example, it's common for people to asterisk their text to set it off, *important*, and this notation in Markdown is an indicator of italic.

In regards to storage, as Stephan pointed out, the system will most likely store the raw markdown, because the user will most likely need to have the possibility of editing, and the original markdown can be recalled for that purpose.

In most of the systems I've built, I store the markdown, and then normalize it to a 2nd field which caches the HTML rendering of the markdown. This way I don't have to do markdown->HTML rendering for every markdown field. It takes a little more space, but I'd rather the user have a faster response than use less DB storage space.

Care should also be taken when accepting Markdown from the browser, as it can easily contain <script> tags which need to be filtered out. Most markdown implementations will also recognize HTML intermingled with Markdown formatting, as so to be safe, you need to make sure your inputs and caches are sanitized properly.

1
  • Well, one place we don't is in ReadMe files, the result is crappy and hard to read. I have yet to find a decent reader for the Mac, one that had such advanced features as find. Sure it is good for creating web pages but giving people .md documents, that just sucks, what are these people thinking?
    – zaph
    Commented Nov 15, 2012 at 18:23
3

The reason for using an alternate encoding system other than HTML is for security

Markdown and other such wiki style encoding systems do not usually support scripting languages

HTML supports scripting languages in many ways (

The two main security issues are:

  1. Malware criminals use scripts in user generated content to attempt malware actions on the content readers computer by scripting to access known security holes

  2. Free loaders using scripts to subvert the rest of the site by changing the content frame or styles i.e. ads, menu's, logos etc. This can also be criminal behaviour if not just annoying

By using an intermediate language such as Markdown you have total control on the rendered output

Filtering HTML is possible, but is also complex and risky

The other significant reason for an alternate encoding system is enforcement of style. Normal HTML has too many options. By limiting the available options, users can only use certain styles. The usually makes for cleaner looking and more readable content (compare SO to Ebay)

3

The main reason for using Markdown is the readability of a marked text. For instance, you can send it in a plain-text email and the reader will still understand the emphiasis, bullets, the text will be divided in paragraphs et cetera.

When you ask about storing data, it depends. If you enable Markdown in the WordPress blog engine, it stores data as the user has input it - in Markdown. In Stack Overflow, however, it seems like the data is stored as HTML. At least, the "Stack Overflow data dumps" contain HTML, not Markdown (I've seen people complaining) that they have to convert it back).

If you use the WMD editor, you can show the user how the outputs will look like after being converted to HTML. Even though Markdown syntax is really simple, it is not hard to make mistakes. Hence, it is best to show users the output.

Another reason for using Markdown instead of a WYSIWIG control - a WYSIWIG control allows the user to use HTML in data you are displaying on your web page. So, you have to be the one who decides when there is simply incorrect HTML and when it is an evil XSS/CSRF/whatever injection. In Markdown, you simply convert *something* to <b>something</b>, remove any unknow HTML elements and you're done.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Not the answer you're looking for? Browse other questions tagged or ask your own question.