Contents
- 1. HTML escape
- 2. Characters that are automatically escaped
- 3. Turning off escaping
- 4. String literals
1. HTML escape
- Django automatically HTML-escapes strings rendered in a template, such as the value t1 that this view passes to the template (the value of t1 is cut off in the source):

    from django.shortcuts import render

    def index(request):
        # the original t1 value is truncated in the source; '...' stands in for it
        return render(request, 'temtest/index2.html', {'t1': '...'})
2. Characters that are automatically escaped
- HTML escaping means that HTML tags contained in the output are shown as text instead of being interpreted by the browser, because a string submitted by a user may contain malicious code such as a JavaScript script.
- Django automatically escapes the following five characters:
  - < is converted to &lt;
  - > is converted to &gt;
  - ' (single quote) is converted to &#39;
  - " (double quote) is converted to &quot;
  - & is converted to &amp;
- Use the escape filter when displaying an untrusted variable; it is usually omitted because Django escapes automatically:
{{ t1|escape }}
3. Turning off escaping
- Use the safe filter on a single variable:
{{ data|safe }}
- Use the autoescape tag around a block of template code:
{% autoescape off %} {{ body }} {% endautoescape %}
- The autoescape tag accepts on or off as its argument.
- If autoescape is turned off in a base template, it is also turned off in the child templates that extend it.
4. String literals
- A string literal used as a filter argument is inserted without escaping, as if it had been passed through safe, so when data is empty the default below is rendered as raw HTML:
{{ data|default:'<b>123</b>' }}
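The following is an added, self-contained model of the escaping rules from sections 2, 3 and 4 (the five-character table, the safe filter, autoescape off, and unescaped string-literal filter arguments); it is not Django's own code, and the SafeString class, escape, conditional_escape, render_variable, safe_filter and default_filter names are this example's own approximation of how Django decides whether a value is escaped.

```python
# Model of Django's autoescaping decisions (example code, not Django's implementation).
# Django escapes exactly these five characters; str.translate applies the mapping in a
# single pass, so '&' in an already-produced entity is never escaped a second time.
_ESCAPE_TABLE = str.maketrans({
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#39;",
})


class SafeString(str):
    """A string marked as already safe for HTML output (what |safe produces)."""


def escape(value) -> SafeString:
    """Escape the five HTML-significant characters; the result is safe by construction."""
    return SafeString(str(value).translate(_ESCAPE_TABLE))


def mark_safe(value) -> SafeString:
    """Mark a string as trusted so the renderer will not escape it."""
    return SafeString(value)


def conditional_escape(value) -> SafeString:
    """Escape unless the value is already marked safe (this avoids double escaping)."""
    if isinstance(value, SafeString):
        return value
    return escape(value)


def render_variable(value, autoescape: bool = True) -> str:
    """What {{ value }} emits inside an {% autoescape on %} or {% autoescape off %} region."""
    return str(conditional_escape(value) if autoescape else value)


def safe_filter(value) -> SafeString:
    """{{ value|safe }}: the template author vouches for the content."""
    return mark_safe(value)


def default_filter(value, literal: str):
    """{{ value|default:"literal" }}: a string-literal argument counts as safe,
    while the variable's own value is still subject to autoescaping."""
    return value if value else mark_safe(literal)
```

A user-supplied value such as `<script>...</script>` therefore reaches the browser as inert text unless the template explicitly opts out with safe or autoescape off, whereas the `<b>123</b>` default literal is emitted as markup.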
4. Template layer: HTML escape