Re: render_to_response a HTML msg

Thu, 10 Mar 2011 09:03:54 -0800 

Oh, thanks a lot. That worked, but now I have one more doubt...

What are the security issues related to the use of safe variable? When can I
consider it safe? Is it possible to make some kind of injection using it
this way? Is autoescape a better option?

2011/3/10 Bill Freeman <ke1g...@gmail.com>

> Use:
>
>  {% if html_message %}{{ html_message|safe }}{% endif %}
>
> Presuming that you believe that the variable's content is, indeed, safe.
>
> Bill
>
> 2011/3/10 Thiago Carvalho D' Ávila <thiagocav...@gmail.com>:
> > I'm having some problem while trying to render some HTML code as a
> template
> > variable.
> >
> > What I am doing is:
> >
> > view.py
> > def view(request, id):
> >    thing = get_object_or_404(Object, pk=id)
> >    if blablabla:
> >       return render_to_response('template.html'),
> > {'html_message': '<h2> We recommend that you click <a
> > href="thing.get_update_url">here</a></h2>'},
> > }, RequestContext(request))
> >
> > template.html
> > <html>
> >    {% if html_message %}{{ html_message }}{% endif %}
> > </html>
> >
> > But I get the HTML tags written in the text, not the link.
> > What am I doing wrong?
> >
> > Tks ;)
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Django users" group.
> > To post to this group, send email to django-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > django-users+unsubscr...@googlegroups.com.
> > For more options, visit this group at
> > http://groups.google.com/group/django-users?hl=en.
> >
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Reply via email to