Django template escaping

逝去的感伤 2020-12-09 08:05

Django templating system provides a few options (filters) for escaping contents in the HTML, but they are kind of confusing to me as a beginner. Say I'm following a tutoria

4 answers
  •  难免孤独
    2020-12-09 08:19

    HTML escaping is on by default in Django templates.

    Autoescape is a tag, not a filter:

    {% autoescape on %}
        {{ post.content }}
    {% endautoescape %}
    

    The 'escape' filter escapes a string's HTML. Specifically, it makes these replacements:

    • < is converted to &lt;
    • > is converted to &gt;
    • ' (single quote) is converted to &#39;
    • " (double quote) is converted to &quot;
    • & is converted to &amp;

    The 'force_escape' is almost identical to 'escape' except for a few corner cases.

    The 'safe' filter will mark your content as safe, so it won't be escaped (will be sent to browser as is).

    Which filter should I use to have special characters converted to html entities automatically?

    Well, you mean, like converting à to &agrave;? Stick with UTF-8 encoding all the way and forget about those.
