In one of my projects there was need to implement WYSIWYG-editor into django admin. I've installed http://code.google.com/p/django-tinymce/. Everything works well, but there is a problem with rendering the content made with WYSIWYG-editor. As a result, on html page returns special chars instead of normal html-tags and I see "plain" html tags with no html-layout.
Maybe the problem is in the templates? I simply output variable like {{ content }}
try {{ content|safe }}
Marks a string as not requiring
further HTML escaping prior to output.
via safe
Related
I create a app, where I can put html code like this
<h2>where we are?</h2>
<h4>Main Offices</h4>
My problem is when I show in my view I see the text with the html tags,
I try this {{ item|striptags }} but this remove the html tag from the page, even when I inspect the element it's look like string
"where we are? Main Offices"
What is the way in django-cms to don't see the html tag in the view, but when I inspect the element the tags is there!
Django automatically escapes the output of every variable tag, to protect you from Cross-site scripting. You can disable auto-escaping by using the safe template filter: {{ item|safe }}.
I am trying to create a blog o django where the admin posts blogs from the admin site.
I have given a TextField for the content and now want to give a new line.
I have tried using \n but it doesn't help. The output on the main html page is still the same with \n printing in it. I have also tried the tag and allowed tags=True in my models file. Still the same. All the tags are coming as it is on the html page.
My Django admin form submitted:
The result displayed in my public template:
You should use the template filter linebreaks, that will convert the reals \n (that means the newline in the textarea, not the ones you typed using \ then n) into <br />:
{{ post.content|linebreaks }}
Alternatively, you can use linebreaksbr if you don't want to have the surrounding <p> block of course.
After searching the internet and trying different Django Template Filters, I came across one specific filter, SAFE.
For me, LINEBREAKS filter didn't work, as provided by #Maxime above, but safe did.
Use it like this in your html template file.
{{post.content|safe}}
To have a better understanding of SAFE filter, i suggest reading the documentation.
{{post.content|linebreaks}}
This will make the line in the textbox appear as it is without using \n or \.
{{post.content|linebreaksbr}}
Besides the newline function in your CSS Declaration will work too.
In django admin I am using the textarea widget.
When I save data, it is saved inside a <p></p> tag.
I dont want this - any solutions, I just want to get the data out without being wrapped in a <p>.
Any suggestions?
I don't know how to save it without html coding, but maybe it is enough to you to display without that . Just put a |safe in the template after the variable name, example:
{{ variable|safe }}
http://docs.djangoproject.com/en/dev/ref/templates/builtins/?from=olddocs
So, I'm passing an object with a "content" property that contains html.
<div>{{ myobject.content }}</div>
I want to be able to output the content so that the characters are rendered as the html characters.
The contents of "conent" might be: <p>Hello</p>
I want this to be sent to the browser as: &lt;p&gt;Hello&lt;/p>
Is there something I can put in my template to do this automatically?
Yes, {{ myobject.content | escape }} should help (assuming you mean Django templates -- there's no specific "App Engine" templating system, GAE apps often use the Django templating system); you may need to repeat the | escape part if you want two levels of escaping (as appears to be the case in some but not all of the example you supply).
This is Django's django.utils.html.escape function:
def escape(html):
"""Returns the given HTML with ampersands, quotes and carets encoded."""
return mark_safe(force_unicode(html).replace('&', '&').replace('<', '&l
t;').replace('>', '>').replace('"', '"').replace("'", '''))
Also, see here.
My Django app has a Person table, which contains the following text in a field named details:
<script>alert('Hello');</script>
When I call PersonForm.details in my template, the page renders the script accordingly (a.k.a., an alert with the word "Hello" is displayed). I'm confused by this behavior because I always thought Django 1.0 autoescaped template content by default.
Any idea what may be going on here?
UPDATE: Here's the snippet from my template. Nothing terribly sexy:
{{ person_form.details }}
UPDATE 2: I have tried escape, force-escape, and escapejs. None of these work.
You need to mark the values as | safe I think (I'm guessing that you're filling in the value from the database here(?)):
{{ value|safe }}
Could you post a sample of the template? Might make it easier to see what's wrong
[Edit] ..or are you saying that you want it to escape the values (make them safe)? Have you tried manually escaping the field:
{{ value|escape }}
[Edit2] Maybe escapejs from the Django Project docs is relevent:
escapejs
New in Django 1.0.
Escapes characters for use in JavaScript strings. This does not make the string safe for use in HTML, but does protect you from syntax errors when using templates to generate JavaScript/JSON.
[Edit3] What about force_escape:
{{ value|force_escape }}
...and I know it's an obvious one, but you're absolutely certain you've not got any caching going on in your browser? I've tripped over that one a few times myself ;-)
Found the problem. The JSON string I'm using to render data to some Ext widgets is the culprit. Big thanks to Jon Cage. Answer accepted despite the problem being caused by another source.