Reputation: 317
{% if form.subject.errors %}
<ol>
{% for error in form.subject.errors %}
<li><strong>{{ error|escape }}</strong></li>
{% endfor %}
</ol>
{% endif %}
I have taken the above code from a template; a form is passed in under the key 'form'. However, I have never encountered |escape before. Is | the bitwise or operator?
Upvotes: 2
Views: 916
Reputation: 476503
No, this is the |escape template filter [Django-doc]. As is specified by the documentation:
Escapes a string’s HTML. Specifically, it makes these replacements:
< is converted to &lt;
> is converted to &gt;
' (single quote) is converted to &#x27;
" (double quote) is converted to &quot;
& is converted to &amp;
Applying escape to a variable that would normally have auto-escaping applied to the result will only result in one round of escaping being done. So it is safe to use this function even in auto-escaping environments. If you want multiple escaping passes to be applied, use the force_escape filter.
It is likely in a {% autoescape off %}…{% endautoescape %} block [Django-doc], since by default Django already escapes the items. It will thus make sure that if the variable is a string that contains characters that can be interpreted as HTML, these are escaped to prevent that.
Upvotes: 2
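The "one round of escaping" behaviour quoted in the answer can be modelled in a few lines. This is an added example, not code from the post or from Django: it uses Python's standard html.escape (which performs the same five replacements) and the names Safe, escape_filter, force_escape_filter, render and ERROR are hypothetical.

```python
from html import escape as html_escape  # performs the five replacements listed above


class Safe(str):
    """Marker type for text that is already HTML-escaped (hypothetical model)."""


def escape_filter(value):
    """Model of |escape: escape once, leave already-safe text untouched."""
    if isinstance(value, Safe):
        return value
    return Safe(html_escape(str(value), quote=True))


def force_escape_filter(value):
    """Model of |force_escape: always escape, even text already marked safe."""
    return Safe(html_escape(str(value), quote=True))


def render(value, filters=(), autoescape=True):
    """Model of rendering {{ value|f1|f2 }} with auto-escaping on or off."""
    for template_filter in filters:
        value = template_filter(value)
    if autoescape:
        value = escape_filter(value)  # auto-escaping skips text marked safe
    return str(value)


# Constructed sample: a form error that echoes attacker-controlled input.
ERROR = "Bad subject: <script>alert('x')</script>"

if __name__ == "__main__":
    cases = {
        "autoescape on, no filter": render(ERROR),
        "autoescape on, |escape": render(ERROR, [escape_filter]),
        "autoescape off, |escape": render(ERROR, [escape_filter], autoescape=False),
        "autoescape off, no filter": render(ERROR, autoescape=False),
        "|escape|force_escape": render(ERROR, [escape_filter, force_escape_filter]),
    }
    for label, output in cases.items():
        print(f"{label:28} {output}")
```

Only the "autoescape off, no filter" case emits the raw script tag, which is the situation the explicit |escape in the question's template guards against.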