Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Rendering HTML in web.py

I am handling with a Wikipedia-like project. I can convert the text file to html code using the markdown. My problem is, I want to render this html code in a html file. Here is my code,

class articles:
    def GET(self):
        form_name=web.input()
        article_name=form_name.page
        article_file_path=os.path.join('articles',article_name)
        fp = open(article_file_path,'rU')
        text = fp.read()
        body = markdown2.markdown(text)
        return render.article_files(article_name, body)

I'm passing article_name and body(html code) to article_files.html. The body looks like,

<h1>Hai</h1>
<p>Welcome<em>Ajay</em></p>

The problem is, the body displays as it is. That is the html code is printed in the screen with all tags. I want to render this html code (body) like,

Hai
Welcome Ajay

My HTML file is:

$def with(title,content)
<html>
<head>
<title>$title</title>
</head>
<body>
    <form name="form" method="GET">
        $content
    </form>
</body>
</html>
like image 1000
Ajay Soman Avatar asked Aug 08 '11 09:08

Ajay Soman


People also ask

What does Web PY do?

web.py makes it easy to make great URLs. This imports the web.py module.


1 Answers

HTML escaping is on by default in web.py templates. To turn it off, prepend the variable name with a colon:

<form name="form" method="GET">
    $:content
</form>

Make sure there is no way for a potentially malicious user to feed arbitrary HTML into your unescaped templates.

like image 97
Helgi Avatar answered Sep 29 '22 22:09

Helgi