Vikash Kumar
Vikash Kumar

Reputation: 145

passing html element in variable in app engine?

I am saving text in markdown in ndb datastore in app engine. While retrieving I am converting markdown into html using markdown2 library and passing it into template as parameter to render. the code is as follows:

article_content = model.Article.query(model.Article.tittle == article_tittle).fetch()

if article_content:
        for article in article_content:
        content =  markdown.markdown(article.content)
        tittle = article.tittle
        date = article.date

        params = {
            'page' : 'article',
            'tittle' : tittle,
            'content' : content
        }

        self.render_response('article.html',**params)

but when I am rendering the template, html tags are being converted as html entities as:

<article class="article">&lt;p&gt;A minimalist writing zone, where you can block out all distractions and get to what's important. The writing!bvbvbvjbvbknvbvbnvbvbn jvnbnvbgnb n vgnvbn n n bn inovblv &amp;nbsp;o &amp;nbsp;bgv vomhg bmvm vmbvl lm &amp;nbsp; mvjpbg&lt;/p&gt;&lt;p&gt;Use &lt;strong&gt;bold&lt;/strong&gt;, &lt;em&gt;italics&lt;/em&gt;, &lt;strong&gt;&lt;em&gt;both&lt;/em&gt;&lt;/strong&gt; &lt;strong&gt;and&lt;/strong&gt; &lt;a href="http://zenpen.io"&gt; urls &lt;/a&gt;_ just_ by highlighting the text and selecting them from the tiny options box that appears above it.&amp;nbsp;&lt;/p&gt;&lt;p&gt;fdbgbfbvbvbbghh&lt;/p&gt;&lt;blockquote&gt;  &lt;p&gt;Quotes are easy to add too! &amp;nbsp;fjbgbknvkbvnm i m vm vi mfbm b bo gb gbgb  gjkcdfkvc bnbv n oibio nbiffhi nfjkgfkjv &amp;nbsp;gdrf&lt;/p&gt;&lt;/blockquote&gt;&lt;p&gt;gdfbcdjifjgfgethfb&lt;/p&gt;&lt;p&gt;gfbfgbf&lt;/p&gt;&lt;p&gt;hhgbvgfgh&lt;/p&gt;</article>

if i am passing the variable as json dump or by simply self.response.write() it is passing correctly.

Is there any way to pass html elements in variable to template. I am using jinja2 for templating. Also if you can, please describe the reason for this and how app engine passes the variable to template .thanx

Upvotes: 0

Views: 95

Answers (1)

Alex Martelli
Alex Martelli

Reputation: 881557

You're running afoul of autoescaping, see http://jinja.pocoo.org/docs/dev/api/#autoescaping . As @dm03514 mentioned in a comment, best solution is not to turn autoescaping off (it would maybe expose you to "injection" attacks), but rather to specifically mark as safe, with the safe Jinjia2 built-in filter, the HTML you know is safe and want to inject as such.

Upvotes: 1

Related Questions