The Odoo email template uses email_from in the email template. In that I have seen some examples like
${(object.email or '')|safe}
here is the screenshot
In that I am getting confused by the |safe; I wanted to know the use of '|safe'.
The framework will escape HTML automatically. But when you have to prevent the template from escaping the HTML, you can use the 'safe' filter. The use of the safe filter on variables that users control may lead to XSS (JS injection) vulnerabilities.
Well, Safe is basically a filter. Filters are separated from the variable by a pipe symbol (|).
So the output of ${(object.email or '')|safe} will be produced as ${safe(object.email or '')}.
Safe is used to prevent the template from escaping the HTML content. The Safe filter explicitly marks a string as "safe", so it should not be automatically escaped even if auto-escaping is enabled by the Odoo framework.
For more details please visit:
http://jinja.pocoo.org/docs/dev/templates/#working-with-manual-escaping
http://jinja.pocoo.org/docs/dev/templates/#working-with-automatic-escaping
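To make the difference between `${expr}` and `${expr|safe}` concrete, here is a small added example (not code from the thread or from Odoo): a toy renderer that applies `|safe` as `safe(expr)` and then auto-escapes everything not marked safe, run over a constructed, attacker-controlled email value. The `Record`, `Markup` and `render` names are assumptions for this demo.

```python
import html
import re

class Markup(str):
    """A string already marked as safe HTML; the auto-escaper passes it through."""

def safe(value):
    """The 'safe' filter: mark the value so it is NOT escaped."""
    return Markup(value)

FILTERS = {"safe": safe}

def autoescape(value):
    """Framework default: HTML-escape everything that has not been marked safe."""
    if isinstance(value, Markup):
        return str(value)
    return html.escape(str(value), quote=True)

_EXPR = re.compile(r"\$\{(.+?)\}")

def render(template, context):
    """Render ${expr|filter} expressions: '${expr|safe}' behaves like
    '${safe(expr)}', and the result is then auto-escaped.
    The template text is developer-supplied (as in Odoo), so the expression is
    evaluated with Python here as a stand-in for the real template engine;
    only the context values are untrusted input."""
    def substitute(match):
        expr, *filters = match.group(1).split("|")
        value = eval(expr.strip(), {"__builtins__": {}}, dict(context))
        for name in filters:
            value = FILTERS[name.strip()](value)
        return autoescape(value)
    return _EXPR.sub(substitute, template)

class Record:
    """Stand-in for the 'object' record exposed to the template (assumed)."""
    def __init__(self, email):
        self.email = email

# Constructed sample: a partner email field containing HTML, as a user could enter it.
HOSTILE = 'victim@example.com"<script>alert(1)</script>'

def escaped_output():
    """Default behaviour: the HTML in the field is neutralised."""
    return render("${(object.email or '')}", {"object": Record(HOSTILE)})

def safe_output():
    """With |safe: the field is emitted verbatim, so the script tag survives."""
    return render("${(object.email or '')|safe}", {"object": Record(HOSTILE)})
```

Compare `escaped_output()` (the `<` and `"` become entities) with `safe_output()` (the raw tag is emitted), which is exactly why `|safe` belongs only on values the template author controls.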