Paul R
Reputation: 2797
Use text both as Safetext and in url in Django
Suppose I want to convert the string [[w'ord]] into the link <a href="example.com?q=w'ord">w'ord</a>
Since input can be anything, I want to make it safe by applying conditional_escape (so, before making link I apply conditional_escape and string becomes [[w'ord]]).
But in this case ' becomes unapplicable for the link because of the ampersand.
How can make the word safe for the html output and safe in the link?
Thank you.
Upvotes: 1
Views: 211
Answers (1)
Selcuk
Reputation: 59415
You must use django.utils.http.urlquote for the URL and django.utils.html.conditional_escape for the link text:
>>> from django.utils.http import urlquote
>>> from django.utils.html import conditional_escape
>>> urlquote("w'ord")
'w%27ord'
>>> conditional_escape("w'ord")
'w'ord'
Upvotes: 1
Related Questions
- How to send text by template via url in Django?
- Django prevent data from passing in URL
- How to get string from a django.utils.safestring.SafeText
- Django how to mark_safe a link but not the arguments in a gettext translation
- How to secure URLs in Django
- Django - mark only certain part of string / user input as safe?
- Django: safe and unsafe html tag <a> with template-supplied URLs
- Sanitize user input for inclusion in href attribute?
- Django - Filter URL in texts
- url templatetag with "safe" arguments?