Rendering newlines in user-submitted content (Python web app)

死守一世寂寞 2020-12-11 23:20

I have a web.py app that takes input from a textarea and inputs it to a database. I can get the information from the database and post it to the page but the NEWLINES are g

4 answers
  •  一个人的身影
    2020-12-11 23:56

    You need some basic understanding of what's going on before coming up with a solution. If you don't understand the problem, the “throw in another library” approach either won't work at all (better), or will backfire soon (worse).

    @MichelMüller is correct in stating that \ns in the HTML source are not rendered as such in the browser. See this tutorial (caveat, HTML 2.0 described) for a more detailed explanation of this behaviour. Now, to put a line break in HTML, you use <br>; to put a new paragraph, <p>.

    You can do a lot of things to achieve this, but what's the problem you're solving? What is this user-submitted content? Who submits it? Two aspects to think about are:

    1. Formatting. Is it a comment on a public site, or a post prepared by the website staff, or UGC on a site like Stack Overflow?
    2. Security. Is it posted by a stranger, or by a user having full trust, or setting in-between?

    Possible solutions:

    • The most direct approach is to run text.replace('\r\n', '<br>') before outputting it to the template formatter. It won't work if you don't put a {{ text | safe }} in the template, because Jinja should not escape <br>s you generated. However, the text itself should not have full trust, so you have to escape < and & (at least) before you replace the newlines.

    • Take a look at MarkupSafe for a less ad-hoc approach of dealing with HTML escapes. It is employed by Jinja, by the way.

    • For formatting of unstructured content (i.e., user-submitted comments a la YouTube), take a look at the PottyMouth library.

    • If your content is more prepared (posts on a blogging platform or Stack Overflow-like site), try Markdown, as suggested by @BernhardKircher. It has some learning curve, so it works best if the users are willing to invest some time writing posts. Remember to configure the parser correctly, because core Markdown does not escape HTML.

    • For staff-prepared content, you can use Markdown or something more sophisticated. It really depends on the staff's background. Here, unescaped HTML might be a blessing, not a curse.
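The "escape first, then generate your own <br>/<p>" order described in the first bullet, as an added example that is not part of the answer above. It uses the standard library's html.escape rather than MarkupSafe (MarkupSafe's escape() does the same substitution and wraps the result in a Markup object Jinja will not re-escape); the sample textarea input and the function names are constructed for this example.

```python
import html
import re

# Constructed sample of user-submitted textarea content (not from the page):
# it contains markup, an ampersand, CRLF line endings and a blank line.
SAMPLE = "Hello <b>world</b> & friends\r\nsecond line\r\n\r\nnew paragraph"


def naive_render(text: str) -> str:
    """Newlines become <br> but nothing is escaped, so any markup the
    user typed is passed straight through to the page. Kept only to
    contrast with render_user_text()."""
    return text.replace("\r\n", "<br>")


def wrong_order(text: str) -> str:
    """Replacing newlines before escaping: the <br> tags generated here
    are escaped along with the user's text and show up literally as
    '&lt;br&gt;' in the browser."""
    return html.escape(text.replace("\r\n", "<br>"))


def render_user_text(text: str) -> str:
    """Escape first, then convert newlines into HTML structure.

    1. Normalise line endings so '\\r\\n', '\\r' and '\\n' are treated alike.
    2. Escape &, <, >, " and ' (html.escape with quote=True).
    3. Blank-line-separated blocks become <p>...</p>; single newlines
       inside a block become <br>.

    Every tag in the returned string was generated by this function and
    none was copied from the input, which is what makes it acceptable to
    render with {{ text | safe }} in a Jinja template.
    """
    normalised = text.replace("\r\n", "\n").replace("\r", "\n")
    escaped = html.escape(normalised, quote=True)
    paragraphs = [p for p in re.split(r"\n{2,}", escaped.strip()) if p]
    return "".join("<p>" + p.replace("\n", "<br>") + "</p>" for p in paragraphs)


if __name__ == "__main__":
    print("naive (markup passes through):", naive_render(SAMPLE))
    print("wrong order (br escaped):     ", wrong_order(SAMPLE))
    print("escape then format:           ", render_user_text(SAMPLE))
```

For a comment box the output of render_user_text() is what you would store or pass to the template; the two other functions exist only to show what goes wrong when escaping is skipped or done after the replacement.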
