Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Django Template Variables and Javascript

Tags:

python

javascript

django

google-app-engine

django-templates

People also ask

Can I use Django template variable in JavaScript?

As of Django 2.1, a new built in template tag has been introduced specifically for this use case: json_script . The new tag will safely serialize template values and protects against XSS. Django docs excerpt: Safely outputs a Python object as JSON, wrapped in a tag, ready for use with JavaScript.

Can we use JavaScript in Django?

While most of Django core is Python, the admin and gis contrib apps contain JavaScript code. Please follow these coding standards when writing JavaScript code for inclusion in Django.

The {{variable}} is substituted directly into the HTML. Do a view source; it isn't a "variable" or anything like it. It's just rendered text.

Having said that, you can put this kind of substitution into your JavaScript.

<script type="text/javascript"> 
   var a = "{{someDjangoVariable}}";
</script>

This gives you "dynamic" javascript.


CAUTION Check ticket #17419 for discussion on adding similar tag into Django core and possible XSS vulnerabilities introduced by using this template tag with user generated data. Comment from amacneil discusses most of the concerns raised in the ticket.

I think the most flexible and handy way of doing this is to define a template filter for variables you want to use in JS code. This allows you to ensure, that your data is properly escaped and you can use it with complex data structures, such as dict and list. That's why I write this answer despite there is an accepted answer with a lot of upvotes.

Here is an example of template filter:

// myapp/templatetags/js.py

from django.utils.safestring import mark_safe
from django.template import Library

import json


register = Library()


@register.filter(is_safe=True)
def js(obj):
    return mark_safe(json.dumps(obj))

This template filters converts variable to JSON string. You can use it like so:

// myapp/templates/example.html

{% load js %}

<script type="text/javascript">
    var someVar = {{ some_var | js }};
</script>

A solution that worked for me is using the hidden input field in the template

<input type="hidden" id="myVar" name="variable" value="{{ variable }}">

Then getting the value in javascript this way,

var myVar = document.getElementById("myVar").value;

As of Django 2.1, a new built in template tag has been introduced specifically for this use case: json_script.

https://docs.djangoproject.com/en/3.0/ref/templates/builtins/#json-script

The new tag will safely serialize template values and protects against XSS.

Django docs excerpt:

Safely outputs a Python object as JSON, wrapped in a tag, ready for use with JavaScript.

Related questions

How to generate unique ID with node.js
Question mark and colon in JavaScript
Bundler not including .min files
The create-react-app imports restriction outside of src directory
Converting an array to a function arguments list [duplicate]
How to check if a string array contains one string in JavaScript? [duplicate]
ArrayBuffer to base64 encoded string
Rails - Could not find a JavaScript runtime?
Passing variables to the next middleware using next() in Express.js
JavaScript/jQuery to download file via POST with JSON data
Using an HTML button to call a JavaScript function
jQuery pass more parameters into callback
How to make Regular expression into non-greedy?
Overriding interface property type defined in Typescript d.ts file
jQuery: Check if div with certain class name exists
Is there an equivalent for var_dump (PHP) in Javascript?
JavaScript single line 'if' statement - best syntax, this alternative? [closed]
How to loop through array in jQuery?
Difference between the created and mounted events in Vue.js
Any difference between await Promise.all() and multiple await?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!