Reputation: 145
I am saving text in markdown in ndb datastore in app engine. While retrieving I am converting markdown into html using markdown2 library and passing it into template as parameter to render. the code is as follows:
article_content = model.Article.query(model.Article.tittle == article_tittle).fetch()
if article_content:
for article in article_content:
content = markdown.markdown(article.content)
tittle = article.tittle
date = article.date
params = {
'page' : 'article',
'tittle' : tittle,
'content' : content
}
self.render_response('article.html',**params)
but when I am rendering the template, html tags are being converted as html entities as:
<article class="article"><p>A minimalist writing zone, where you can block out all distractions and get to what's important. The writing!bvbvbvjbvbknvbvbnvbvbn jvnbnvbgnb n vgnvbn n n bn inovblv &nbsp;o &nbsp;bgv vomhg bmvm vmbvl lm &nbsp; mvjpbg</p><p>Use <strong>bold</strong>, <em>italics</em>, <strong><em>both</em></strong> <strong>and</strong> <a href="http://zenpen.io"> urls </a>_ just_ by highlighting the text and selecting them from the tiny options box that appears above it.&nbsp;</p><p>fdbgbfbvbvbbghh</p><blockquote> <p>Quotes are easy to add too! &nbsp;fjbgbknvkbvnm i m vm vi mfbm b bo gb gbgb gjkcdfkvc bnbv n oibio nbiffhi nfjkgfkjv &nbsp;gdrf</p></blockquote><p>gdfbcdjifjgfgethfb</p><p>gfbfgbf</p><p>hhgbvgfgh</p></article>
if i am passing the variable as json dump or by simply self.response.write()
it is passing correctly.
Is there any way to pass html elements in variable to template. I am using jinja2 for templating. Also if you can, please describe the reason for this and how app engine passes the variable to template .thanx
Upvotes: 0
Views: 95
Reputation: 881557
You're running afoul of autoescaping, see http://jinja.pocoo.org/docs/dev/api/#autoescaping . As @dm03514 mentioned in a comment, best solution is not to turn autoescaping off (it would maybe expose you to "injection" attacks), but rather to specifically mark as safe, with the safe
Jinjia2 built-in filter, the HTML you know is safe and want to inject as such.
Upvotes: 1