I understand that flash() takes only a string and displays it in the redirected page. I'm trying to send HTML through flash:
message = "<h1>Voila! Platform is ready to used</h1>"
flash(message)
return render_template('output.html')
output.html
<div class="flashes">
  {% for message in get_flashed_messages() %}
    {{ message }}
  {% endfor %}
</div>
But it is displayed as the string <h1>Voila! Platform is ready to used</h1>
Is there any way to overcome this?
The flash() method is used to generate informative messages in Flask. It creates a message in one view and renders it to a template view function called next. In other words, the flash() method of the flask module passes the message to the next request, which is an HTML template.
Flask uses the Jinja template engine to dynamically build HTML pages using familiar Python concepts such as variables, loops, lists, and so on.
Where possible, a secure approach is to wrap your string in a Markup object before passing it to the template:
Python code:
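from flask import flash, render_template
from markupsafe import Markup  # flask.Markup was removed in Flask 3.0

# Inside the view function: Markup marks the string as already-safe HTML,
# so Jinja's autoescaping renders it as markup instead of escaping it.
message = Markup("<h1>Voila! Platform is ready to used</h1>")
flash(message)
return render_template('output.html')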
Jinja2 Template:
<div class="flashes">
  {% for message in get_flashed_messages() %}
    {{ message }}
  {% endfor %}
</div>
Using {{message|safe}} will work, but also opens up the door for an attacker to inject malicious HTML or JavaScript into your page, also known as an XSS attack. More info here if you're interested.
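An added example (not part of the original answer or of Flask's own code) showing how the template above treats a plain string, a Markup built around untrusted input, and a Markup whose untrusted part goes through Markup.format(). It renders the template with Jinja2 directly rather than through Flask's get_flashed_messages(); render_flashes, unsafe_message, safe_message and the platform_name parameter are hypothetical names.

```python
from jinja2 import Environment
from markupsafe import Markup

# The page's template, rendered with autoescaping on
# (Flask enables autoescaping for .html templates by default).
TEMPLATE = Environment(autoescape=True).from_string(
    '<div class="flashes">'
    "{% for message in messages %}{{ message }}{% endfor %}"
    "</div>"
)


def render_flashes(messages):
    """Render messages the way output.html renders get_flashed_messages()."""
    return TEMPLATE.render(messages=messages)


def unsafe_message(platform_name):
    # Anti-pattern: the untrusted value is interpolated first, then the whole
    # string is declared safe, so its markup reaches the browser unescaped.
    return Markup(f"<h1>Voila! {platform_name} is ready</h1>")


def safe_message(platform_name):
    # Only the literal is trusted; Markup.format() escapes every argument.
    return Markup("<h1>Voila! {name} is ready</h1>").format(name=platform_name)


if __name__ == "__main__":
    hostile = "<script>alert(1)</script>"  # constructed input for illustration
    print(render_flashes(["<h1>plain string</h1>"]))   # escaped by autoescape
    print(render_flashes([unsafe_message(hostile)]))    # script tag survives
    print(render_flashes([safe_message(hostile)]))      # h1 kept, input escaped
```
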