 

Django, automatic HTML "sanitizing" when putting HTML to template, how to stop it?

I'm kind of confused by this because it seems that Django templates have optional HTML filters but this seems to be happening automatically. I am making this demo app where the user will do an action that calls a Python script which retrieves a URL, and I then want to display this in a new window. It's all fine except when the display comes back, the HTML is sanitized in this format (I see this when I view the page source; in the browser it shows as regular HTML):

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; charset=utf-8" http-equiv="content-type" /><script type="text/javascript">//<![CDATA[
si_ST=new Date

This is the regular HTML version of the same:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; charset=utf-8" http-equiv="content-type" /><script type="text/javascript">//<![CDATA[ si_ST=new Date //]]></script><script type="text/javascript">//<![CDATA[ _G={ST:(si_ST?si_ST:new Date),Mkt:"en-

I'm just outputting this to a basic block in my HTML template. The template has no other formatting (no HTML, etc.), just 1 block where this output goes. Any advice on why this is happening and how to display the regular HTML (so it would show the page in the browser and not the HTML text) is appreciated. Thanks.

Rick asked Aug 23 '10 20:08


2 Answers

Use the safe filter:

{{ myvariable|safe }}

If you need large parts of your template treated like this (that is, if you find yourself using |safe over and over), you can disable the autoescaping wholesale:

{% autoescape off %}
blah {{myvariable}} blah {{myothervariable}}
{% endautoescape %}
Ned Batchelder answered Sep 30 '22 19:09


Take a look at the "safe" filter, which disables Django's default escaping:

http://docs.djangoproject.com/en/1.2/ref/templates/builtins/#safe

Faisal answered Sep 30 '22 18:09
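
An added example, not part of either answer and not Django's own code: it shows what the safe filter and autoescape off switch off when the value is a page retrieved from a remote URL, as in the question. The standard library's html.escape stands in for Django's autoescaping (both replace the same five characters), and the second helper shows a template line that keeps autoescaping on yet still renders the page, a sandboxed iframe with srcdoc. FETCHED, autoescape, sandboxed_frame and parse_tags are names made up for this example.

```python
import html
from html.parser import HTMLParser

# Constructed sample standing in for the remote page the view retrieved.
FETCHED = (
    "<html><body><script>si_ST=new Date</script>"
    '<p title="x">it\'s a page</p></body></html>'
)


def autoescape(value: str) -> str:
    """What {{ value }} emits with autoescaping on: & < > " ' become entities."""
    return html.escape(value, quote=True)


def sandboxed_frame(untrusted_html: str) -> str:
    """Markup produced by the (assumed) template line
        <iframe sandbox srcdoc="{{ page }}"></iframe>
    with autoescaping left on. The browser decodes the attribute value and
    loads it as a separate document with scripts disabled and an opaque
    origin, so the fetched markup never becomes part of the outer page."""
    return '<iframe sandbox srcdoc="' + autoescape(untrusted_html) + '"></iframe>'


class _Tags(HTMLParser):
    """Records each start tag and its decoded attributes, as a parser sees them."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parse_tags(markup: str):
    parser = _Tags()
    parser.feed(markup)
    parser.close()
    return parser.tags


if __name__ == "__main__":
    # With |safe the outer page gains every tag of the fetched page, <script> included.
    print([tag for tag, _ in parse_tags(FETCHED)])
    # With autoescaping kept on, the outer page gains exactly one element.
    print([tag for tag, _ in parse_tags(sandboxed_frame(FETCHED))])
```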