Change: HTML Escape

created on Dec. 7, 2012, 6:02 a.m. by Hevok & updated on Dec. 7, 2012, 6:03 a.m. by Hevok

Text saved in the database can contain HTML, which may interfere with the rendering process. For this reason, Django auto-escapes strings by default (no HTML in them is interpreted; the markup is rendered as raw text). If a string needs to be rendered within a template without escaping, it can be marked as safe.

The safe filter marks the content of a single variable as trusted:

.. sourcecode:: django

    This will not be escaped: {{ entry.text|safe }}

For whole code blocks, the autoescape template tag can be used:

.. sourcecode:: django

    {% autoescape off %}
        Render {{ entry.text }}
    {% endautoescape %}

Categories: Tutorial, reST
Parent: Web Framework

Comment: Enabled reST rendering.
