Can't disable the autoescape in jinja2

In GAE I use jinja2 with the autoescape, and everything works well.

import jinja2
jinja_env = jinja2.Environment(loader = jinja2.FileSystemLoader(template_dir), autoescape = True)

In one template I don't want the autoescape, so I tried to disable it like this:

{% autoescape false %}
{{content}}
{% endautoescape %}

When it's time to render this template I get the message Encountered unknown tag 'autoescape'.

stenci asked Jun 23 '13 02:06



2 Answers

Try this:

{{ content | safe}}

docs:

  • Flask — Controlling Autoescaping
  • Jinja2 — Filters — safe

hyang123 answered Oct 14 '22 19:10


In order for the autoescape tag to be recognized, you need to enable the autoescape extension when setting up jinja2, like this:

jinja_env = jinja2.Environment(loader = jinja2.FileSystemLoader(template_dir),
                               autoescape = True,
                               extensions = ['jinja2.ext.autoescape'])

Also, make sure you're using jinja2 version 2.4 or higher in your app.yaml (the current version in GAE is 2.6):

libraries:
- name: jinja2
  version: "2.6"

For more information, see the documentation for the autoescape extension.

Jamie Niemasik answered Oct 14 '22 20:10
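
Added example (not part of the original question or answers): it renders one constructed string through the default escaped path, the `| safe` filter and the `{% autoescape false %}` block, showing that both opt-outs emit the value verbatim, and then shows trusted markup built server-side with `markupsafe.Markup` so the template needs no opt-out. It assumes Jinja2 2.9 or later, where the autoescape tag is built in and no extension is passed; `DictLoader`, the template names and `trusted_wrapper` are hypothetical stand-ins for the asker's setup.

```python
from jinja2 import Environment, DictLoader
from markupsafe import Markup

# Constructed sample: stands in for content that came from a user.
UNTRUSTED = "<script>alert(1)</script>"

# Hypothetical templates, one per way of outputting `content`.
TEMPLATES = {
    "default.html": "{{ content }}",
    "safe_filter.html": "{{ content | safe }}",
    "tag.html": "{% autoescape false %}{{ content }}{% endautoescape %}",
}

# Same setting as in the question: autoescape is on for every template.
# Assumption: Jinja2 >= 2.9, so the autoescape tag needs no extension.
env = Environment(loader=DictLoader(TEMPLATES), autoescape=True)


def render(name, content):
    """Render one of the templates above with the given content."""
    return env.get_template(name).render(content=content)


def trusted_wrapper(user_text):
    """Build markup in code; Markup.format() escapes its arguments,
    so only the literal <p> wrapper is treated as HTML."""
    return Markup("<p class='note'>{}</p>").format(user_text)


if __name__ == "__main__":
    for name in TEMPLATES:
        print(f"{name:18} {render(name, UNTRUSTED)}")
    # The default template leaves a Markup value unescaped, while the
    # user-supplied part inside it has already been escaped.
    wrapped = render("default.html", trusted_wrapper(UNTRUSTED))
    print(f"{'wrapped':18} {wrapped}")
```

Because `| safe` and the autoescape block both pass the value through unchanged, they are only appropriate for content the application produced or sanitized itself.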