Reputation: 366
jinja2 flask escaping jinja2-highlight
I need to render some code in a web page, with highlight. I'm using Flask and found that I could use jinja2-highlight. It works great, but I have some problems.
What I tried :
{% highlight 'python' %}
{{ item.text }}
{% endhighlight %}
Seems to work, I have my 40 lines of code but all special char like " ... are displayed as this. So I add the |safe to the line {{ item.text }}. And now, all char are ok, but I don't see my full code, only 5 lines (the fifth line is complete).
I think I know what is the problem but don't know hw to solve it.
I have some line in my code like or and it seems that it's not escaped. Any idea why jinja2 does not escape <> ?
I'm not clear about security question with the |safe too. What does the server risks ?
Upvotes: 1
Views: 531
Answers (1)
Reputation: 46513
item.text|safe should help. It appears that you're escaping the code twice. You may have some kind of auto-escape enabled.
You don't have to care about the server safety, as long as you don't share your actual code of your site.
Upvotes: 1
Related Questions
- Jinja2 extension outputs escaped html instead of html tag
- Text escaped when I want it to show up as html in Flask/jinja2
- Escape html and markdown in flask?
- How to Correctly Escape Jinja Code on Template?
- Jinja escapes HTML in set block
- Jinja2 escape all HTML but img, b, etc
- ANSI Escape sequence in Jinja2 template
- Flask / Jinja2 - best pratice of HTML escaping
- Escape jinja2 syntax in a jinja2 template
- Markdown with Syntax highlighting in Flask