I am passing some html to my template like this passDict["problemText"] = <p> Some html</p>
return render(response,'main/base.html',passDict). And then displaying {{problemText}} in my html file.I get <p> Some html</p> as my text and not Some html in a paragraph like i want.
It needs to be marked as safe.
Use the safe filter.
{{ problemText|safe }}
Or use the mark_safe() method.
from django.utils.safestring import mark_safe
problemText = mark_safe("<p>Some html</p>")
Read the documentation on the safe filter and mark_safe().
Related
I'm reading a very large API, one of the fields I need, have "a" tags embedded in the item in the dictionary and when I pull it into my template and display it, it shows the "a" tags as text.
exp:
"Bitcoin uses the SHA-256 hashing... ...such as Litecoin, Peercoin, Primecoin*"
I would like to wrap this in HTML so when it displays on the page it has the actual links rather than the 'a' tags and the URL.
What I'm looking to get:
"Bitcoin uses the SHA-256 hashing... ...such as Litecoin, Peercoin, Primecoin*"
I figured it out, I used the Humanize function with the |safe tag.
Pretty simple answer.
In the settings.py add 'django.contrib.humanize' to the INSTALLED_APPS:
**INSTALLED_APPS = [
'django.contrib.humanize', ]**
In the HTML Template add
{% load humanize %}
For the data you want to format use |safe
{{ location.of.data|safe }}
This will read the text as HTML.
I have a JSON object that looks like the following:
id:
text: <h1>This is my text</h1> <p> I want to include HTML
and reflect those tags on the page. </p>
I'm using Angular2's HTTP_PROVIDER to read the data from the JSON.
In my HTML template, I am displaying the JSON.dataString on the webpage. How do I reflect the HTML tags on the webpage, currently the tags are displayed as plain text.
<p>{{jsonObject.text}}</p>
Is there a way to read in those HTML tags that are included in the JSON objects, and have them reflected on the webpage?
Something like:
<div [innerHTML]="jsonObject.text"></div>
Should display the text object as raw HTML. Be careful about XSS injection when you do something like this.
More detail at this question.
You may try to do it like this:
function textHtml(input) {
var el = document.createElement("textarea");
el.innerHTML = input;
return el.value;
}
And then use this function to get text with tags
I don't use Angular but do something like that.
<p id="myId"></p>
<script>
document.getElementById("myId").appendChild(jsonObject.text);
</script>
I did not test it.
I have to render a token, which is very long. I don't want to render it, but instead have the below code with a clipboard icon next to it.
<p>Get your ${ID_TOKEN} here!</p>
How do I escape the interpolation? React keeps trying to render it as though I was trying to render a variable.
I already tried assigning a variable equal to a string of the interpolation.
const token = "${USER_TOKEN}"
Assuming you are using ES6 and you mean to literally render '${ID_TOKEN}' you should be able to do:
<p>Get your ${`{ID_TOKEN}`} here!</p>
Super simple DEMO
I hope someone can assist me on this issue.
I am pulling details from a database to display on a twig template (using Symfony2) but the way in which it is saved in the db makes it difficult to interpret the HTML.
Basically, the HTML tags are already translated as entities in the table, e.g.:
<p>Bach Flower Crab Apple Remedy: the "cleansing" Remedy can be used both internally and externally </p><p><strong>
And so on. I have researched the rendering options in twig and tried the following (based on me rendering a loop of product descriptions):
{% set strategy = 'html' %}
{% autoescape 'html' %}
{{ product.description|escape('html')|raw }}
{% endautoescape %}
and also just:
{{ product.description|raw }}
The first method just echoes the existing content (as entities) and the second method just renders the HTML tags to the page as follows:
<p>Bach Flower Crab Apple Remedy: the "cleansing" Remedy can be used both internally and externally.</p><p><strong>...
So, as you can see, I cannot find a way to actually interpret the HTML tags in order to display the description as it should be.
Is there a way to do this? I can't do it in the PHP as all it's doing is sending an object to the template which is looped through:
public function showAction(Request $request, $store_id=0)
{
$max = 1000;
$repository = $this->getDoctrine()->getRepository('AppBundle:Product');
$products = $repository->getProductsByStoreId($store_id,$max);
$paginator = $this->get('knp_paginator');
$pagination = $paginator->paginate(
$products,
$request->query->get('page', 1),
20
);
$return['products'] = $pagination;
$return['categories'] = $this->getCategories();
return $this->render('AppBundle:tables:productstable.html.twig', $return);
}
Your core issue is that you do not have HTML in your database to begin with. At best Twig could be outputting some HTML entities, which will render visibly as "<p>...", and at "worst" Twig will escape the text to render it accurately as it actually is, which is "<p>...". Expecting Twig to output actual HTML which will render a paragraph is unrealistic, since that's not what your original data contains at all.
You'll have to HTML-decode that text in PHP first, and then output it in Twig with ..|raw. raw means that Twig will output it as is without further escaping it. Since it's nonsense to get the data from the database to then html_entity_decode it, you need to fix your data input here! Don't HTML encode data which is going into the database, it serves no purpose.
I think you have to write custom escaper plugin to decode html entities and use it like this:
{{ product.description|myawesomehtmlentitiesdecoder|raw }}
http://twig.sensiolabs.org/doc/filters/escape.html#custom-escapers for reference.
But generally, it's better to store HTML in database and then apply needed security filters on output.
I need help understanding behavior of render_string in tornado.
I am using below code.
tornado.escape.to_basestring(self.render_string("message.html", input_to_template=message))
message.html
<div class="message">{% module linkify(input_to_template["body"]) %}</div>
if message["html"] is data then the output of to_basestring is
<div class="message">data</div>\n
Now, if message["html"] is <img src="/media//uploads/Capture_23.PNG" />
<div class="message"><img src="/media//uploads/Capture_23.PNG" /></div>\n
From the documentation , this function render_string,
"""
Generate the given template with the given arguments.
We return the generated byte string (in utf8). To generate and
write a template as a response, use render() above.
"""
It does not mention anything about escaping/unescaping html tags .
How can I use this function , so that if message["html"] is <img src="/media//uploads/Capture_23.PNG" /> ,
I get output as
<div class="message"><img src="/media//uploads/Capture_23.PNG" /></div>\n
The tornado template system automatically escapes everything except the output of modules or the raw directive; modules are expected to do their own escaping. In this case the escaping is actually done by the linkify module.
linkify takes plain text and turns it into html, so it must assume that any angle brackets are meant to be shown verbatim, and escapes them. You don't want to actually pass <img> tags through linkify because it's not smart enough to see the src attribute, and if you had an absolute url it would become <img src="url">.
If you want to include message["html"] with no escaping, the simplest way is to use the raw directive: {% raw message["html"] %}. See the template docs at http://www.tornadoweb.org/en/stable/template.html