Reputation: 46284
In my admin, I have a text area where the user can input html:
<ul>
<li>blah</li>
</ul>
<p>
Stuffs
</p>
When I push the above to my template and I view the source of the page, I get:
&lt;ul&gt;
&lt;li&gt;blah&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;
Stuffs
&lt;/p&gt;
What should I do with my output so that I see actual html in the page source?
Upvotes: 6
Views: 2620
Reputation: 536587
By “text area”, do you mean a <textarea>?
Because if so, escaping < to &lt; (et al) is what you must do inside a textarea or any other HTML element: Django is doing the Right Thing. You see the correct, decoded version of the text on the page; who cares what the source looks like?
If you don't escape the contents of a textarea you are not only generating invalid HTML, you're also opening yourself to attacks where the user inputs:
</textarea>
<script>
steal(document.cookie);
location.href= 'russian malware site';
// etc.
</script>
Upvotes: 0
Reputation: 87211
See the template tags documentation here, check the autoescape tag description.
Upvotes: 0
Reputation: 1546
You need the 'safe' filter, as it's autoescaped.
{{ my_html|safe }}
Upvotes: 8
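To make the trade-off in the answers above concrete, here is an added example (not from the question or any of the answers, and not Django's own code): it contrasts what autoescaping emits with what `|safe` emits for the same admin-entered HTML, and shows the step a practitioner wants in between, an allow-list sanitizer, so that the value passed to `|safe` (or wrapped in `mark_safe` in the view) no longer carries the `</textarea><script>` payload the second answer warns about. It uses only the standard library: `html.escape` performs the same `<` to `&lt;` (and quote) translation that Django's autoescape does, and `AllowListSanitizer`, `ALLOWED_TAGS`, `ALLOWED_ATTRS` and the sample `USER_HTML` are all constructed here for illustration.

```python
"""Added example: Django-style autoescaping vs. |safe, with an allow-list
sanitizer in between. Standard library only, so it runs without Django."""
import html
from html.parser import HTMLParser

# Constructed sample input: the markup from the question, followed by an
# injected payload of the kind the second answer describes (assumption:
# this is what a hostile or compromised admin user might paste).
USER_HTML = (
    "<ul>\n<li>blah</li>\n</ul>\n<p>\nStuffs\n</p>\n"
    "</textarea><script>steal(document.cookie)</script>"
    '<a href="javascript:alert(1)" onclick="x()">link</a>'
)

# Allow-list chosen for this example; adjust to what the admin is meant to write.
ALLOWED_TAGS = {"ul", "ol", "li", "p", "a", "strong", "em", "br"}
ALLOWED_ATTRS = {"a": {"href"}}


def render_autoescaped(value):
    """What {{ my_html }} emits by default: <, >, &, ", ' become entities."""
    return html.escape(value, quote=True)


def render_safe(value):
    """What {{ my_html|safe }} emits: the string verbatim, script tags included."""
    return value


def _safe_href(val):
    """Only plain web schemes or site-relative paths; blocks javascript: and
    protocol-relative //host URLs."""
    v = (val or "").strip().lower()
    if v.startswith(("http://", "https://", "mailto:")):
        return True
    return v.startswith("/") and not v.startswith("//")


class AllowListSanitizer(HTMLParser):
    """Drops tags not on the allow-list (keeping their text), strips attributes
    not on the allow-list, filters href values, and discards the contents of
    <script>/<style> entirely. Tag balancing is not enforced."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self._skip_depth = 0  # > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip_depth += 1
            return
        if tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, val in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name == "href" and not _safe_href(val):
                continue
            kept.append(f' {name}="{html.escape(val or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip_depth = max(0, self._skip_depth - 1)
            return
        if tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text nodes are re-escaped: convert_charrefs decoded &lt; to <, and
        # emitting it raw would reopen the hole the sanitizer is closing.
        if self._skip_depth == 0:
            self.out.append(html.escape(data, quote=False))


def sanitize(value):
    """Return markup that is safe to hand to |safe / mark_safe."""
    parser = AllowListSanitizer()
    parser.feed(value)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    print("--- autoescaped (default) ---")
    print(render_autoescaped(USER_HTML))
    print("--- |safe on raw input (XSS) ---")
    print(render_safe(USER_HTML))
    print("--- |safe on sanitized input ---")
    print(sanitize(USER_HTML))
```

In a Django view this maps to `context["my_html"] = mark_safe(sanitize(raw))` and `{{ my_html }}` in the template, or `{{ my_html|safe }}` after sanitizing; in either case the thing being marked safe is the sanitizer's output, never the admin's raw text. The sanitizer here is deliberately small; for production use a maintained library such as nh3 or bleach with the same allow-list idea.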