How can I insert the actual html from the model into the template?

In my admin area, I have a text area where the user can enter html:

<ul>
  <li>blah</li>
</ul>
<p>
  Stuffs
</p>

When I click above on my template and I look at the source of the page, I get:

&lt;ul&gt;
  &lt;li&gt;blah&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;
  Stuffs
&lt;/p&gt;

What should I do with my result so that I see the actual html in the page source?

+5
3 answers

You need a "safe" filter, because it is auto-protected.

{{ my_html|safe }}
+6

See the template tag documentation here; check the description of the autoescape tag.

0

" " <textarea>?

Because, if so, escaping < to &lt; (and others) is what you should do inside a text box or any other HTML element: Django does the right thing. You see the correct, decrypted version of the text on the page; who cares what the source looks like?

If you do not escape the contents of the text field, you not only generate invalid HTML, but also open yourself up to attacks when the user types:

</textarea>
<script>
    steal(document.cookie);
    location.href= 'russian malware site';
    // etc.
</script>
0
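The first answer's `|safe` turns auto-escaping off, and the last answer shows what an unescaped value can carry. The following is an added example, not code from any of the posters: it filters stored HTML against a tag allowlist before the value would be marked safe, using only the Python standard library. The allowlist (taken from the question's sample markup) and the names `AllowlistSanitizer` and `sanitize` are assumptions.

```python
from html import escape
from html.parser import HTMLParser

# Assumption: the admin text area only needs the tags in the question's sample.
ALLOWED_TAGS = {"ul", "li", "p"}


class AllowlistSanitizer(HTMLParser):
    """Re-emit allowed tags without attributes; turn everything else into text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            # Attributes are dropped entirely (no onclick=, style=, href=).
            self.out.append(f"<{tag}>")
        else:
            # Disallowed tags are shown as visible text, not interpreted.
            self.out.append(escape(self.get_starttag_text()))

    def handle_endtag(self, tag):
        closing = f"</{tag}>"
        self.out.append(closing if tag in ALLOWED_TAGS else escape(closing))

    def handle_data(self, data):
        # Text nodes (including the body of a <script> element) are escaped.
        self.out.append(escape(data))
    # Comments, doctype declarations and processing instructions are dropped,
    # because the base-class handlers for them emit nothing.


def sanitize(fragment):
    """Return fragment reduced to the allowlisted tags."""
    parser = AllowlistSanitizer()
    parser.feed(fragment)
    parser.close()  # flush buffered text
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed input: one allowed tag with an event handler, one script element.
    hostile = '<p onclick="x()">hi</p><script>doSomething()</script>'
    # In Django, the result is what would be passed to
    # django.utils.safestring.mark_safe() or rendered with |safe.
    print(sanitize(hostile))
```

A maintained HTML sanitizer library is the usual choice for production; the point here is that the filtering happens before the value is marked safe, not after.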
