WYSIWYG editor pastes html tags in output textfield - django

I use this Redactor for the admin site: django-wysiwyg-redactor.
But when I enter some text, it pastes it with HTML tags. When inspecting my source code, I noticed that the HTML code that is responsible for my input data is placed in quotes.

I think you have to use "safe", the built-in template filter to render the html properly in your template. Example:
{{ myTextField|safe }}
Safe in django docs

Related

how to remove html tags in django template on browser while showing to user

As shown in the figure, I used {{options|safe}} for rendering options in my Django 3.0 polls application. Even so, it is rendering like that, and I don't know how to remove the tags from the rendered string. Thanks for the help in advance.
regarding tag error
To remove tags, I would recommend using Mozilla's bleach library.
In order to remove tags only in the front-end, not the data itself, you can easily create a custom template filter and clean the tags inside it.
Another cool idea would be to have a list of enabled HTML tags that can be used (like making text bold with <b>...</b>) and then render the input as valid HTML:
{{ options|remove_tags|safe }}
Example for a custom template filter:
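import bleach
from django import template
register = template.Library()
@register.filter
def remove_tags(value):
    return bleach.clean(value, tags=["b", "i"])  # markup outside the allowlist is escaped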
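An added example (not from the answers on this page, and not Django's or bleach's code): a standard-library model of what reaches the browser for `{{ value }}`, `{{ value|safe }}` and `{{ value|remove_tags|safe }}`, showing why the allowlist step has to run before `safe`. The `AllowlistSanitizer` class is a stand-in for `bleach.clean(value, tags=["b", "i"])` so the mechanics are visible; `render`, `sanitize` and the `STORED` sample are hypothetical names and constructed data.

```python
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"b", "i"}  # same allowlist as the remove_tags filter above
# Constructed sample of what a WYSIWYG field might store (not from the page).
STORED = '<b onclick="alert(2)">Sale</b> <i>today</i><script>alert(1)</script>'


class AllowlistSanitizer(HTMLParser):
    """Re-serialise input: keep allowlisted tags without attributes, escape the rest."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")  # attributes (onclick, style, ...) are never copied
        else:
            self.out.append(escape(self.get_starttag_text()))

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>" if tag in ALLOWED_TAGS else escape(f"</{tag}>"))

    def handle_data(self, data):
        self.out.append(escape(data))  # text is always escaped, script bodies included


def sanitize(value):
    parser = AllowlistSanitizer()
    parser.feed(value)
    parser.close()
    return "".join(parser.out)


def render(value, mode):
    """Model what reaches the browser for each template spelling."""
    if mode == "autoescape":       # {{ value }}  (Django's default escaping)
        return escape(value)
    if mode == "safe":             # {{ value|safe }}  (stored markup emitted verbatim)
        return value
    if mode == "clean_then_safe":  # {{ value|remove_tags|safe }}
        return sanitize(value)
    raise ValueError(mode)


if __name__ == "__main__":
    for mode in ("autoescape", "safe", "clean_then_safe"):
        print(f"{mode:16} {render(STORED, mode)}")
```

Only the `clean_then_safe` output keeps the bold and italic formatting while leaving the script element and the `onclick` handler inert.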

<pre> tag automatically added - HTMLCodeFormat() and HTMLEditFormat()

I have a form with several TinyMCE textareas. Content is loaded in some textareas when the form is called. Other textareas are empty.
The content that is preloaded into the text fields already has a <p> tag. Everything is fine with it. But I have a problem with the empty textareas. TinyMCE automatically adds a <pre> tag, which destroys the formatting and layout.
This is the process that leads to the problem:
1. Open the form and enter unformatted text into an empty textarea.
2. Save the form. The content is displayed correctly. Everything is fine so far.
3. Edit the form / content.
At this point, TinyMCE adds the pre tag. The tag is not yet saved in the database, it comes from the editor.
I also made some tests with preloaded content. This is the result.
Template code | TinyMCE textarea
<p>test</p> | <p>test</p>
test | <pre>test</pre>
How can I prevent TinyMCE from adding the <pre> tag? Alternatively, <pre> could also be replaced by <p>.
If you're on ColdFusion 10 or later, you should be using the OWASP ESAPI encoding functions. They handle a higher range of character encoding than HTMLEditFormat() and HTMLCodeFormat().
Output between HTML tags: <td>#encodeForHTML(variables.myVar)#</td>
Output in an HTML attribute: <input type="text" value="#encodeForHtmlAttribute(variables.myVar)#">
The cause of the problem was the use of HTMLCodeFormat instead of HTMLEditFormat before I handed the content over to TinyMCE. Both have nearly the same effect, but HTMLCodeFormat adds a <pre> tag in addition.
HTMLCodeFormat()
HTMLEditFormat()

How to render html text from database inside a django template using template tags

I save a text into my database using django form, textarea widget and bootstrap wysiwyg, but when I try to render it into my template using just the variable name
{{ text }},
I get rendered just the text with html tags like this:
What I want to do is show the formatted text in HTML.
If you have the formatted HTML in your DB field, and you are absolutely sure it is safe, then try the safe filter:
{{ tablename.fieldname|safe }}
or
{{var|safe}}
See the doc.

Formatting html Django-cms

I created an app where I can put HTML code like this:
<h2>where we are?</h2>
<h4>Main Offices</h4>
My problem is that when I show it in my view, I see the text with the HTML tags.
I tried {{ item|striptags }}, but this removes the HTML tags from the page; even when I inspect the element, it looks like a string:
"where we are? Main Offices"
What is the way in django-cms to not see the HTML tags in the view, while the tags are still there when I inspect the element?
Django automatically escapes the output of every variable tag, to protect you from Cross-site scripting. You can disable auto-escaping by using the safe template filter: {{ item|safe }}.

Django turning off autoescape when it comes to template tags

So, I'm trying to write an admin form such that the admin can write HTML code as an input. For this I use {% autoescape off %} to let the form bypass HTML code. Now, I want the admin to have the freedom to use template tags in the entries. How can I do this?
This is nothing to do with autoescape, which is to do with HTML tags only. Whether it was on or off, it still wouldn't parse template tags in the variable text.
For this you'd have to write your own code to load and render the text as a template. This could be in your own template tag, for example.