Ruby on Rails - best_in_place sanitize option doesn't work properly

Question

I am using the following code in my view:

<div class="col-12 col-md-8">
    <% if current_user == @post.user || current_user.try(:admin?) %>
        <%=best_in_place @post, :body, :as => :textarea, inner_class: 'form-control', ok_button: 'update', ok_button_class: 'btn btn-outline-success btn-sm'%>
    <% else %>
        <p class="postbody"><%= sanitize @post.body %></p>
    <% end %>
    <div class="py-3">

Input text:

Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua.

Expected: #code blocks doesn't accept html tags as it seems

Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua.

Behavior

Lorem <b> ipsum </b> dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua.

If I am logged out my post.body gets sanitized. However, if I am logged in the text accepts html tags. (doesn't get sanitized I guess) In the best_in_place documentation it says sanitize is set to true by default. I tried sanitize: true as well, still doesn't work.

Does anyone know why it behaves like this?

Best regards

Answer 1

It seems there is an undocumented option:

raw: true

That will enable pure HTML to be rendered, without converting it to plain text before display. Someone else posted about the same problem on Github. See here:

https://github.com/bernat/best_in_place/issues/520