Reputation: 39
How can you, in a safe way, enter (and render) HTML tags in a web2py database text field, entered by an end user?
Upvotes: 0
Views: 199
Reputation: 25536
You can save the HTML in the database as you receive it, and then render it (relatively) safely via:
{{=XML(html, sanitize=True)}}
XML() also takes permitted_tags and allowed_attributes arguments for more fine-grained control. For details, see the book.
Upvotes: 2