Glad that it mostly works for you.
It's better not to inject JavaScript there, but rather to provide
JavaScript methods through a TemplateHook or as part of a JSExtension's
constructor.
Christian
On Mon, Jan 29, 2018 at 3:58 AM, Meng-Zhe Zhang
wrote:
> Hi, Christian. Thank you for your reply.
I added format_html() to as_html, and it worked as expected for regular text
areas.
PS:
Actually, I injected some JavaScript into as_html() on purpose, and this
does not work well with format_html().
I need to exchange information between RB & Jenkins s
Hi,
For security purposes, as_html() (and other HTML-returning methods) need to
return a string marked as safe for HTML. Plain text strings are considered
unsafe by default. For instance, in your case, if some_url was able to be
provided by a user in some form, it could contain code like:
>so
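
The behaviour discussed in this thread, as an added example that is not part of the original messages or of Review Board's code: a simplified standard-library model of the safe-string marking that Django's format_html() applies, showing why a plain string is unsafe and why script passed through it comes out as text. SafeText, format_html_model and the as_html_* functions are hypothetical names, and the sample values are constructed.

```python
from html import escape


class SafeText(str):
    """A str subclass marking its content as already-escaped HTML."""


def conditional_escape(value):
    # Values already marked safe pass through; everything else is escaped.
    if isinstance(value, SafeText):
        return value
    return SafeText(escape(str(value), quote=True))


def format_html_model(template, *args):
    # The template is trusted markup written by the developer; every
    # argument is escaped before it is interpolated.
    return SafeText(template.format(*(conditional_escape(a) for a in args)))


def as_html_unsafe(some_url):
    # Plain string building: the value lands in the markup verbatim.
    return '<a href="%s">build</a>' % some_url


def as_html_safe(some_url):
    # Same markup, but the value is escaped and the result is marked safe.
    return format_html_model('<a href="{}">build</a>', some_url)


def as_html_with_script(snippet):
    # Script passed as an argument is escaped too, so it renders as text.
    return format_html_model('<div>{}</div>', snippet)


# Constructed sample value standing in for user-controlled input.
HOSTILE_URL = '"><script>alert(1)</script>'

if __name__ == "__main__":
    print(as_html_unsafe(HOSTILE_URL))
    print(as_html_safe(HOSTILE_URL))
    print(as_html_with_script('<script>notify()</script>'))
```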