Jinja templating not working in script.js - flask

I need to include jinja templating in element.innerHTML but jinja is not working.
Code script.js:
contentDiv.innerHTML = getContent(fragmentId);
function getContent(fragmentId) {
var pages = {
quad1: `
<form class="form-inline" method="POST" id="form1">
<h3>
<input type="number" id="quad_a1" name="input_a" class="form-control mx-2 col-1" placeholder="a">
<b>x² +</b>
<input type="number" id="quad_b1" name="input_b" class="form-control mx-2 col-1" placeholder="b">
<b>x +</b>
<input type="number" name="input_c" class="form-control mx-2 col-1" placeholder="c">
<b>=</b>
<input type="number" name="input_d" class="form-control mx-2 col-2" placeholder="Default(0)">
<button type="submit" class="btn btn-primary float-right mr-5" onclick="return empty_quad()">Solve</button>
</h3>
</form>
{{ sol }}
`,
.
.
.
};
return pages[fragmentId];
}
But the output is literally {{ sol }}, not the value of sol:
So how to access the variable sol passed through flask's render_template() in script.js?


You can't use jinja2 template in your js file.
First method: You have to use inline javascript in html file using <script></script> tag, and then you can access the sol variable by assigning it to javascript variable
<script> sol = "{{sol}}" </script> // {{sol}} should be between quotation marks
Second method: If you have seperate js file. you can make a div tag, define it's class and set it's id to {{sol}}. get the element by class name and then get it's id.
Html
<div class="myclass" id="{{sol}}" style="display:none"></div>
javascript
elem= document.getElementsByClassName("myclass") ;
console.log(elem.id) // this is the sol value.


json_script
Safely outputs a Python object as JSON, wrapped in a <script> tag, ready for use with JavaScript.
Argument: HTML “id” of the <script> tag.
For example:
{{ value|json_script:"hello-data" }}
If value is the dictionary {'hello': 'world'}, the output will be:
<script id="hello-data" type="application/json">{"hello": "world"}</script>
The resulting data can be accessed in JavaScript like this:
const value = JSON.parse(document.getElementById('hello-data').textContent);
XSS attacks are mitigated by escaping the characters “<”, “>” and “&”. For example if value is {'hello': 'world</script>&'}, the output is:
<script id="hello-data" type="application/json">{"hello": "world\\u003C/script\\u003E\\u0026amp;"}</script>
This is compatible with a strict Content Security Policy that prohibits in-page script execution. It also maintains a clean separation between passive data and executable code.
django doc

Related

Jinja, loading javascript script

I have a script that overrides autocomplete
<script type="text/javascript">
$(function() {
$("#autocomplete").autocomplete({
source:function(request, response) {
$.getJSON("{{url_for('user.autocomplete')}}",{
search: request.term,
}, function(data) {
response(data.results);
});
},
minLength: 2,
}
});
})
</script>
Later in my code i have the following form
<form method=post action="{{ url_for('user.merge_user')}}">
<input name="autocomplete" type="text" id="autocomplete" class="form-control input-lg", length="20"/>
{{ form.user_name(id="autocomplete", class="form-control input-lg") }}
<input class="btn btn-default" type=submit value=Register>
</form>
The HTML input uses the script as desired but the Jinja version uses the default autocomplete method. How can I get it to use the script?

This is probably the solution you are looking for. It enables Jinja2 to load the JavaScript file before HTML is rendered.
{% block javascript %}
<script type="text/javascript">
{% include "script.js" %}
</script>
{% endblock %}
Also, a similar question can be found here.
Note that if you are using Flask with this solution (which you are), you may experience some issues related to Jinja not finding the JavaScript file on the server. IDK how to fix this; was too lazy anyways.
:3

g:render tag renders body() as plain text

I'm trying to render the template in GSP page
template:
<div class="container">
${body()}
</div>
template call:
<g:render template="/shared/wrapperTemplate">
<g:textField name="${property}" value="${value}" id="${property}id" class="form-control"/>
</g:render>
The body() is evaluated correctly and renders
<input type="text" name="name" value="" id="nameid" class="form-control" />
but when passing it to the template, it is surrounded by the quotes and instead of displaying input field, it prints the html input as string to the html page
I also tried with write TagLib
def fieldTemplate = { attrs, body ->
out << render(template: "/shared/wrapperTemplate", model: [content: body()])
}
But the result was the same (of course I had to change the tag call)
The idea was to reuse the formatting part of the template <div> for all _wrapper.gsp templates in Fields plugin, but not copy paste it. The case above is simplified, but I use Twitter Bootstrap and there is a bunch of lines that I don't want to copy.
_fields/default/_wrapper.gsp:
<div class="form-group ${hasErrors(bean:bean,field:property,'has-error')}">
<label for="${property}id" class="col-sm-2 control-label">${label}</label>
<div class="col-sm-10">
<g:textField name="${property}" value="${value}" id="${property}id" class="form-control" />
</div>
</div>
_fields/date/_wrapper.gsp:
<div class="form-group ${hasErrors(bean:bean,field:property,'has-error')}">
<label for="${property}id" class="col-sm-2 control-label">${label}</label>
<div class="col-sm-10">
<g:datePicker name="${property}" value="${value}" precision="day" id="${property}id" class="form-control" />
</div>
</div>

I am not able to understand the following lines of your post
but when passing it to the template, it is surrounded by the quotes
and instead of displaying input field, it prints the html input as
string to the html page
What is it in this case, please share the exact code which is not working.
The first example you shared is working for you, in the second example you passed content as parameter. When you are passing the parament then you need to change your code from
${body()}
to
${raw(content)}
I am still not sure what is the exact code which not working, just a wild guess.

Django template filter escaping

I've got a custom filter that takes a string and makes it into the appropriate attributes for the tooltip library I'm using. It worked with OpenTip, but I'm converting to using the tooltip library that's in Bootstrap.
Here's my filter:
from django import template
from django.utils.html import conditional_escape
from django.utils.safestring import mark_safe
register = template.Library()
#register.filter(needs_autoescape=False, is_safe=True)
def tooltip(value, autoescape=False):
"""
Filter to turn some text into the tag that the tooltip library uses -
Written as a filter so we can switch from one tooltip library to
another
"""
if autoescape:
esc = conditional_escape
else:
esc = lambda x: x
if value is not None and len(value) > 0:
retval = 'data-toggle="tooltip" data-html="true" ' +\
'rel="tooltip" title="%s"' % esc(value)
return mark_safe(retval)
else:
return ''
And here's where I'm using it in a template:
<form id="filter" name="filter" method="post"
class="form-inline">
{% csrf_token %}
<label for="filterText">Filter Query:</label>
<input type="text" id="current_filter" name="current_filter" value="{{current_filter}}" placeholder="Filter" class="span8"/>
<i class="icon-question-sign"
{{"Filters -<br>requester: [[first] [last]]|[windows_id]<br>client: [[first] [last]]|[windows_id]<br>approver: [[first] [last]]|[windows_id]<br>worker: [[first] [last]]|[windows_id]<br>ticket: [id]<br>status: [open]|[closed]|[hold]<br>type: [termination]|[extension]|[access]|[password]|baskets]<br>item: [name for category/item/attribute inventory]<br>since: [mm/dd/yyyy]|[yyyy-mm-dd]<br>before: [mm/dd/yyyy]|[yyyy-mm-dd]<br>All searchs are AND with comma delimiting"|tooltip}}></i>
<input type="submit" name="btnSubmit" class="btn" value="Filter"/>
<input id="filter_reset" type="button" name="filter_reset" class="btn" value="Clear existing filters"/>
</form>
{% endif %}
But the tooltip isn't processing the html, and when I go into Firebug and cut and paste the html, it looks like something is escaping it in spite of the fact that I marked it with mark_safe:
<form class="form-inline" method="post" name="filter" id="filter">
<input type="hidden" value="dpuAc9GNUQtvGG5wYzrWsG2Vpu5i7PWJ" name="csrfmiddlewaretoken">
<label for="filterText">Filter Query:</label>
<input type="text" class="span8" placeholder="Filter" value="" name="current_filter" id="current_filter">
<i title="Filters -<br>requester: [[first] [last]]|[windows_id]<br>client: [[first] [last]]|[windows_id]<br>approver: [[first] [last]]|[windows_id]<br>worker: [[first] [last]]|[windows_id]<br>ticket: [id]<br>status: [open]|[closed]|[hold]<br>type: [termination]|[extension]|[access]|[password]|baskets]<br>item: [name for category/item/attribute inventory]<br>since: [mm/dd/yyyy]|[yyyy-mm-dd]<br>before: [mm/dd/yyyy]|[yyyy-mm-dd]<br>All searchs are AND with comma delimiting" rel="tooltip" data-html="true" data-toggle="tooltip" class="icon-question-sign">
</i>
<input type="submit" value="Filter" class="btn" name="btnSubmit">
<input type="button" value="Clear existing filters" class="btn" name="filter_reset" id="filter_reset">
</form>
How do I get the html in that filter text into the page without the being escaped?

Try using safe:
{{"Filters -<br>requester: [[first] [last]]|[windows_id]<br>client: [[first] [last]]|[windows_id]<br>approver: [[first] [last]]|[windows_id]<br>worker: [[first] [last]]|[windows_id]<br>ticket: [id]<br>status: [open]|[closed]|[hold]<br>type: [termination]|[extension]|[access]|[password]|baskets]<br>item: [name for category/item/attribute inventory]<br>since: [mm/dd/yyyy]|[yyyy-mm-dd]<br>before: [mm/dd/yyyy]|[yyyy-mm-dd]<br>All searchs are AND with comma delimiting"|safe|tooltip}}
Or you can try removing esc from your tooltip tag.
Edit:
I just realized what you are trying to do. You cannot put html inside a tooltip in bootstrap, it's a plaintext feature only. data-html="true" allows it to contain html content. You can also use popover. Above safe filter should still be used in order to disable html escaping.

Turns out the problem was much stupider than what I thought it was - I had my <script> tags in the wrong order so I was getting the jQuery-UI tooltip instead of the Bootstrap tooltip, and the jQuery-UI tooltip doesn't support html.

How to validate email id in angularJs using ng-pattern

Am trying to validate an Email id field in angularJs using ng-pattern directive.
But am new to AngularJs. I need to show an error message as soon as the user enters the wrong email id.
The code which I have below is am trying to solve. Help me out with using ng-pattern for getting the proper result.
<script type="text/javascript" src="/Login/script/ang.js"></script>
<script type="text/javascript">
function Ctrl($scope) {
$scope.text = 'enter email';
$scope.word = /^[a-z]+[a-z0-9._]+#[a-z]+\.[a-z.]{2,5}$/;
}
</script>
</head>
<body>
<form name="myform" ng-controller="Ctrl">
<input type="text" ng-pattern="word" name="email">
<span class="error" ng-show="myform.email.$error.pattern">
invalid email!
</span>
<input type="submit" value="submit">
</form>
</body>

If you want to validate email then use input with type="email" instead of type="text". AngularJS has email validation out of the box, so no need to use ng-pattern for this.
Here is the example from original documentation:
<script>
function Ctrl($scope) {
$scope.text = 'me#example.com';
}
</script>
<form name="myForm" ng-controller="Ctrl">
Email: <input type="email" name="input" ng-model="text" required>
<br/>
<span class="error" ng-show="myForm.input.$error.required">
Required!</span>
<span class="error" ng-show="myForm.input.$error.email">
Not valid email!</span>
<br>
<tt>text = {{text}}</tt><br/>
<tt>myForm.input.$valid = {{myForm.input.$valid}}</tt><br/>
<tt>myForm.input.$error = {{myForm.input.$error}}</tt><br/>
<tt>myForm.$valid = {{myForm.$valid}}</tt><br/>
<tt>myForm.$error.required = {{!!myForm.$error.required}}</tt><br/>
<tt>myForm.$error.email = {{!!myForm.$error.email}}</tt><br/>
</form>
For more details read this doc: https://docs.angularjs.org/api/ng/input/input%5Bemail%5D
Live example: http://plnkr.co/edit/T2X02OhKSLBHskdS2uIM?p=info
UPD:
If you are not satisfied with built-in email validator and you want to use your custom RegExp pattern validation then ng-pattern directive can be applied and according to the documentation the error message can be displayed like this:
The validator sets the pattern error key if the ngModel.$viewValue
does not match a RegExp
<script>
function Ctrl($scope) {
$scope.text = 'me#example.com';
$scope.emailFormat = /^[a-z]+[a-z0-9._]+#[a-z]+\.[a-z.]{2,5}$/;
}
</script>
<form name="myForm" ng-controller="Ctrl">
Email: <input type="email" name="input" ng-model="text" ng-pattern="emailFormat" required>
<br/><br/>
<span class="error" ng-show="myForm.input.$error.required">
Required!
</span><br/>
<span class="error" ng-show="myForm.input.$error.pattern">
Not valid email!
</span>
<br><br>
<tt>text = {{text}}</tt><br/>
<tt>myForm.input.$valid = {{myForm.input.$valid}}</tt><br/>
<tt>myForm.input.$error = {{myForm.input.$error}}</tt><br/>
<tt>myForm.$valid = {{myForm.$valid}}</tt><br/>
<tt>myForm.$error.required = {{!!myForm.$error.required}}</tt><br/>
<tt>myForm.$error.pattern = {{!!myForm.$error.pattern}}</tt><br/>
</form>
Plunker: https://plnkr.co/edit/e4imaxX6rTF6jfWbp7mQ?p=preview

There is nice example how to deal with this kind of problem modyfing built-in validators angulardocs. I have only added more strict validation pattern.
app.directive('validateEmail', function() {
var EMAIL_REGEXP = /^[_a-z0-9]+(\.[_a-z0-9]+)*#[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/;
return {
require: 'ngModel',
restrict: '',
link: function(scope, elm, attrs, ctrl) {
// only apply the validator if ngModel is present and Angular has added the email validator
if (ctrl && ctrl.$validators.email) {
// this will overwrite the default Angular email validator
ctrl.$validators.email = function(modelValue) {
return ctrl.$isEmpty(modelValue) || EMAIL_REGEXP.test(modelValue);
};
}
}
};
});
And simply add
<input type='email' validate-email name='email' id='email' ng-model='email' required>

According to the answer of #scx ,I created a validation for GUI
app.directive('validateEmail', function() {
var EMAIL_REGEXP = /^[_a-z0-9]+(\.[_a-z0-9]+)*#[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/;
return {
link: function(scope, elm) {
elm.on("keyup",function(){
var isMatchRegex = EMAIL_REGEXP.test(elm.val());
if( isMatchRegex&& elm.hasClass('warning') || elm.val() == ''){
elm.removeClass('warning');
}else if(isMatchRegex == false && !elm.hasClass('warning')){
elm.addClass('warning');
}
});
}
}
});
And simply add :
css
.warning{
border:1px solid red;
}
html
<input type='email' validate-email name='email' id='email' ng-model='email' required>

This is jQuery Email Validation using Regex Expression. you can also use the same concept for AngularJS if you have idea of AngularJS.
var expression = /^[\w\-\.\+]+\#[a-zA-Z0-9\.\-]+\.[a-zA-z0-9]{2,4}$/;
Source.

You can use ng-messages
<script src="http://ajax.googleapis.com/ajax/libs/angularjs/1.5.3/angular-messages.min.js"></script>
include the module
angular.module("blank",['ngMessages']
in html
<input type="email" name="email" class="form-control" placeholder="email" ng-model="email" required>
<div ng-messages="myForm.email.$error">
<div ng-message="required">This field is required</div>
<div ng-message="email">Your email address is invalid</div>
</div>

Below is the fully qualified pattern for email validation.
<input type="text" pattern="/^[_a-z0-9]+(\.[_a-z0-9]+)*#[a-z0-9-]*\.([a-z]{2,4})$/" ng-model="emailid" name="emailid"/>
<div ng-message="pattern">Please enter valid email address</div>

Now, Angular 4 has email validator built-in
https://github.com/angular/angular/blob/master/CHANGELOG.md#features-6
https://github.com/angular/angular/pull/13709
Just add email to the tag. For example
<form #f="ngForm">
<input type="email" ngModel name="email" required email>
<button [disabled]="!f.valid">Submit</button>
<p>Form State: {{f.valid?'VALID':'INVALID'}}</p>
</form>

angularjs controller way, just an example to look for one or more email in the body of a message.
sp = $scope.messagebody; // email message body
if (sp != null && sp.match(/([\w-]+(?:\.[\w-]+)*)#((?:[\w-]+\.)*\w[\w-]{0,66})\.([a-z]{2,6}(?:\.[a-z]{2})?)\S+/)) {
console.log('Error. You are not allowed to have an email in the message body');
}

I tried #Joanna's method and tested on the following websites and it didn't work.
https://regex101.com/
https://www.regextester.com/
https://regexr.com/
I then modified it to and it worked.
/([\w-]+(?:\.[\w-]+)*)#((?:[\w-]+\.)*\w[\w-]{0,66})\.([a-z]{2,6}(?:\.[a-z]{2})?)\S+

I have tried wit the below regex it is working fine.
Email validation : \w+([-+.']\w+)#\w+([-.]\w+).\w+([-.]\w+)*

Spend some time to make it working for me.
Requirement:
single or comma separated list of e-mails with domains ending name.surname#gmail.com or team-email#list.gmail.com
Controller:
$scope.email = {
EMAIL_FORMAT: /^\w+([\.-]?\w+)*#(list.)?gmail.com+((\s*)+,(\s*)+\w+([\.-]?\w+)*#(list.)?gmail.com)*$/,
EMAIL_FORMAT_HELP: "format as 'your.name#gmail.com' or comma separated 'your.name#gmail.com, my.name#list.gmail.com'"
};
HTML:
<ng-form name="emailModal">
<div class="form-group row mb-3">
<label for="to" class="col-sm-2 text-right col-form-label">
<span class="form-required">*</span>
To
</label>
<div class="col-sm-9">
<input class="form-control" id="to"
name="To"
ng-required="true"
ng-pattern="email.EMAIL_FORMAT"
placeholder="{{email.EMAIL_FORMAT_HELP}}"
ng-model="mail.to"/>
<small class="text-muted" ng-show="emailModal.To.$error.pattern">wrong</small>
</div>
</div>
</ng-form>
I found good online regex testing tool.
Covered my regex with tests:
https://regex101.com/r/Dg2iAZ/6/tests

Use below regular expression
^[_\.0-9a-z-]+#([0-9a-z][0-9a-z-]+)+((\.)[a-z]{2,})+$
It allows
test#test.com
test#test.co.in
test#test.gov.us
test#test.net
test#test.software

How can I access data sent in a post request in Django?

I have a form that is supposed to create a new 'Quote' record in Django. A 'Quote' requires a BookID for a foreign key.
This is my form
<form method="POST" action="{% url 'quotes:createQuote' %}">
{% csrf_token %}
<section>
<label for="q_text">Quote Text</label>
<input type="text" name="text" id="q_text" placeholder="Enter a Quote" style="padding-left:3px"> <br>
<label for="q_book">Book ID</label>
<input type="text" name="bookID" id="q_book" placeholder="Enter Book ID" style="padding-left:3px"> <br>
<label for="q_disp">Display Quote Now?</label>
<input type="radio" name="display" id="q_disp" value="True"> True
<input type="radio" name="display" value ="False">False <br>
<button value="submit">Submit</button>
</section>
</form>
And this is the method that it is targeting
def createQuote(request):
#b = get_object_or_404(Book, pk=request.bookID)
return HttpResponseRedirect(reverse('quotes:index'))
Somewhere in that request argument I assume there is some sort of field that contains the bookID the user will pass in on the form. How do I get at that information?
Bonus points for anyone who can tell me some way I can visualise data like I might with console.log(some.collection) in Javascript

if request.method == "POST":
book_id = request.POST['book_id']
Assuming you're sure it's in there. Otherwise you'll need to verify/provide a default value like you would for a normal python dictionary.
As for visualising the data, do you mean printing it to the console? In which case if you're running the django runserver you can just do print some_data. If you want it formatted a little nicer, you can use pretty print:
import pprint
pp = pprint.PrettyPrinter()
pp.pprint(some_data)