Re: escape problem in django templates

Sat, 16 May 2009 08:17:38 -0700 

On Sat, May 16, 2009 at 12:23 AM, ozgurisil <ozguri...@gmail.com> wrote:

>
> Hello all,
>
> Let's say that I have this string:
>
> s = '<p>Hello!</p>'
>
> When I pass this variable to a template, I want it to be rendered as
> raw html. Looking at the docs I see that I can either use the safe
> filter:
>
> {{s|safe}}
>
> or disable autoescape:
>
> {%autoescape off}
> {{s}}
> {%endautoescape%}
>
> or inside the python code declare it safe:
>
> from django.utils.safestring import mark_safe
> s = mark_safe(s)
>
> None of these options are working for me. Whatever I do, the string is
> displayed as:
>
> <p>Hello!</p>
>
> I must be missing something, just couldn't figure out what. Is there
> some security setting somewhere that disallows escaping?
>

No, there is no setting like that.  Given this view:

from django.shortcuts import render_to_response
from django.template import Context
from django.utils.safestring import mark_safe
def escape_view(request):
    v1 = '<p>Hello!</p>'
    v2 = mark_safe(v1)

    c = Context({'v1': v1, 'v2': v2})
    return render_to_response('escape_template.html', c)

with an 'escape_template.html' that contains:
----------
v1 is: {{ v1 }}

<br><br>

{% autoescape off %}
Inside an autoescape off block, v1 is: {{ v1 }}
{% endautoescape %}

v1|safe is: {{ v1|safe }}

v2 is: {{ v2 }}
----------

I see:
----------
v1 is: <p>Hello!</p>

Inside an autoescape off block, v1 is:

Hello!

v1|safe is:

Hello!

v2 is:

Hello!

----------

in a browser.  Looking at the source HTML, it is:

----------

v1 is: &lt;p&gt;Hello!&lt;/p&gt;

<br><br>


Inside an autoescape off block, v1 is: <p>Hello!</p>


v1|safe is: <p>Hello!</p>

v2 is: <p>Hello!</p>

----------

So I only see the tag characters escaped when the string is not marked safe,
not sent through the safe filter, and not in an autoescape off block.  If
you try that view/template, what do you see?  If that works for you, what
are you doing differently in your code?  (If that test view/template doesn't
work for you, I will be very confused.)

Karen

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to