This feels like a really silly issue, but I'm confused by the behavior of django-zinnia, a blog creation module.
When I test enter a plain text post, it appends each sentence with html < p > tags the browser doesn't read as html.
Example, if I enter this into the database (no html):
The entry from the db renders on page itself like this as if the < p > markup was plain text:
Within Zinnia, these html tags are being generated as part of the {{ object_content }} object in _entry_detail_base.html
<div class="entry-content">
{{ object_content }}
</div>
I've looked through the entry.py models within Zinnia and I'm having trouble identifying where these tags are coming from or how they're being passed in in a way the browser doesn't interpret them for what they are (html). Is there a filter I can apply that might solve this? thanks
That's the default behavior for Django templates. Use {{ object_content|safe }} or {% autoescape off %} {{ object_content }} {% endautoescape %} (for multiple variables) to prevent html entities from being escaped.
Note that using the safe filter doesn't automatically mean the output is not escaped if you use another filter after it.
Check the Zinnia's source code: https://github.com/Fantomas42/django-blog-zinnia/blob/master/zinnia/templates/zinnia/_entry_detail_base.html
It's using |safe template tag:
<div class="entry-content">
{{ object_content|safe }}
</div>
Related
I'm learning Drupal8 and Twig with Chaz Chumley's book 'Drupal 8 Theming with Twig'.
When I put in the code provided I don't get the desired result. (Chapter 3, Filters)
The book says to add the following to the page.html.twig file:
{% filter upper %}
<p>{{ name }} is the best cms around.</p>
{% endfilter %}
but the page outputs
<P>DRUPAL IS THE BEST CMS AROUND.</P>
(Showing the html tags on the page as shown here)
Is there something I'm missing to have the twig filter not change the HTML tags? or is the only solution to put the filter inside the tag? but this filter is supposed to "wrap sections of HTML and variables" so why is it affecting HTML tags?
You can put the filter around just the text, so it ends up as:
<p>{% filter upper %}{{ name }} is the best cms around.{% endfilter %}</p>
You can test your twig code here: https://twig.stapps.io/
Can you give this a try:
<p>{{ 'your text'|upper }}</p>
Also, check out https://drupal.stackexchange.com/ if you have any more drupal related questions.
I'm trying to display some HTML markup in a blog, and would like to know if there is a way to wrap a section of my Django template directly, without putting it into a context variable.
For example, I would like to output a bunch of code, some of it JavaScript, and some of it HTML, and some of it CSS. If I enter in the code directly into my Django template, and wrap it in some pre tags:
<pre>
/* Here is the markup I want to display: */
... lots of HTML
</pre>
the HTML tags are rendered.
Of course, to display:
<
I should use
<
and to display
>
I should use
>
I tried adding the Django tag {% autoescape on %} around the code section, but it had no effect because I'm not rendering a context variable.
I would like to know if there is an easier way than replacing every occurrence of < with < and every occurrence of > with >
I also know that if I put the code that I want to display into a context variable, then in my template, just displaying that context variable would automatically escape the code.
But I would rather just be able to directly cut and paste the code I want to display into my template. Is there a way to do this and display the HTML tags (i.e.
<h1> Heading Level 1 </h1>
without writing it in my template as:
<h1> Heading Level 1 </h1>
You have to use xmp tags.
<xmp>
<h1>Testing Html</h1>
</xmp>
This question is old, but it pops on search engines and no answer is correct imo.
SÅ‚awek Kabik's is deprecated, Smit Patel's is overly complicated (it bloats views).
In order to do what OP asked for, you have to use the force_escape built-in filter in a {% filter %} tag.
Example:
<pre>
<code>
{% filter force_escape %}
<span class="hello">Anything HTML really</span>
{% endfilter %}
</code>
</pre>
Output:
<pre>
<code>
<span class="hello">Anything HTML really</span>
</code>
</pre>
NOTE: Before you try to implement manually, please have a look at ckeditor.
ckeditor documentation
if this is not what you are looking for, then only proceed with answer.
Just Wrap your variable inside following Django template tag.
{% autoescape off %}
{{your_variable_here}}
{% endautoescape %}
put HTML code in "your_variable_here" variable And Django Will Display It as HTML. All HTML Tags will Work.
EDIT:
Sorry, I missed important part to mention.
in views do this
from django.template.loader import render_to_string
rendered = render_to_string('my_template.html', {'foo': 'bar'})
and pass this rendered string to template variable and render the given template inside other template by putting lines
{% autoescape off %}
{{rendered}}
{% endautoescape %}
When DEBUG=True a variable containing HTML is just printed in the template and not interpeted as HTML. This is the correct behavior.
On the other hand, when DEBUG=False (just changing this) the variable's content is interpreted as HTML and I cannot understand why. I'm not using the safe filter.
My template is as follows:
<pre id="copy-source-{{ forloop.counter }}">
<code>{{ code }}</code>
</pre>
In one case, code happens to be HTML code, specifically:
<img src="bblabla" />
and the page displays the image instead of the code, even if it's inside a pre-code!?
Try this
{% autoescape off %}
{{var_containing_html}}
{% endautoescape %}
I hope this will help.
Good luck.
P.S. Also see docs
I want to use liquid tags in a page on a Jekyll site. I have used them successfully in layout files, but when I use them in a page they are not parsed by Liquid.
The page is in html format not Markdown. The page has valid YAML front-matter that is being successfully used by the layout file. Here's the code for the page that isn't parsing:
---
layout: default
title: Media
id: media
order: 2
---
<section id="photos">
<h2>Photographs</h2>
<div id="galleries">
{% for set in site.flickr-sets %}
<div class="gallery" data-set="{{ set }}"></div>
{% endfor %}
</div>
</section>
Is there any obvious reason why this isn't working? I really need to be able to access the site global variable...
EDIT
It seems this issue isn't confined to just that page. I tried creating a new page and using some liquid syntax and got the same result. It's also any liquid syntax not just tags.
In the layout file that these pages use I include the content of the page using {{ page.content }} rather than just {{ content }}. Could that be relevant?
{{ content }} works and it's different than {{ page.content }}
{{ content }} it's parsing all liquid syntax :)
Hope that helps.
So it seems that the answer is that as I suspected. I tested the same code using a new layout file that just called {{ content }} and it rendered correctly. I'm assuming this means that when Jekyll builds it stores raw content in the page object. This is why pages with only html (or Markdown) were being rendered correctly, but any Liquid syntax was not being parsed.
Although this technically answers the question, I still haven't figured out how to solve my problem! It would be useful if there was some sort of filter I could add to {{ page.content }} to make it parse the Liquid syntax.
I know this may be a little late, but I dug up something called {{ page.output }} which is the rendered content of the page.
I pass a variable to my twig template in Symfony2, this variable may contain <br /> html tags, I have tried to create an extension (function), but the variable still gets escaped.
How can I output a twig variable that allows the <br /> tag? Is there a simple solution to just allow a whitelist of allowed tags in certain templates?
I've searched about twig sandboxes, but I'm not sure if that is my solution.
edit: I still want the variable to be escaped, but to allow exclusively the <br /> tag.
Actually, you can use native PHP function strip_tags by following:
{{ var|striptags('<br>')|raw }}
you can allow multiple tags with following code:
{{ var|striptags('<br><p>')|raw }}
You can do like that :
{{ text | striptags('<p><b><br') | raw }}
For instance,
<br>
won't escape
<br> and <br />
and
<p>
won't escape
<p> and </p>
etc.
Initially I thought it should be possible to write custom escaper strategies so you could do something like this:
{{ var|escape('html-custom') }}
Unfortunately it's not the case. Only available strategies are html and js. They're hard coded in the twig_escape_filter() function defined in a Twig_Extension_Core class file.
It seems that your only option is to write custom estension with a new filter:
{{ var|raw|customescape }}
Here's an example of custom twig extension and how to register it in Symfony: Symfony2 Twig extension
{{ var|striptags('<br>')|raw }}
works fine, but I don't know how to pass an array to the strip_tags php function with this twig filter.
both
{{ var|striptags(['<br>', '<b>'])|raw }}
and
{% set allow = ['<br>', '<b>'] %}
{{ var|striptags(allow)|raw }}
throw an "Array to string conversion" exception during the rendering of a template.
Be also carefull that strip_tags php function doesn't escape html attribute like "onclick".
{{ var|nl2br }}
and/or
{{ var|raw|nl2br }}
nl2br reference