4 template Layer-HTML escape

Read Catalogue

• 1.HTML Escape
• 2. Characters that will be automatically escaped
• 3. Turn off escape
• 4. String literals

Back to top of 1. HTML escape

• Django automatically HTML-escapes the string, such as the following values in the template:

View Code: DEF index (Request):    return render (Request, ' temtest/index2.html ',                  {                      ' T1 ': ' 

 
 

  
  
 
   
Display effects such as:
 
  
 
 



Back to top 2. Characters that will be automatically escaped
 
 

  
  
 
   
HTML escape, which is the output of the included HTML tags, is not interpreted, because when the user submits the string, it may contain some offensive code, such as JS script
 
   
Django automatically escapes the following characters:
 
  
 
 
< will be converted to &lt;> will be converted to &gt; ' (single quotes) will be converted to & #39; " (double quotes) will be converted to &quot;& converted to &amp;

 
 

  
  
 
   
Use escape filter When displaying untrusted variables, generally omitted because Django automatically escapes
 
  
 
 
{{T1|escape}}
Back to top 3. Turn off escape
 
 

  
  
 
   
Use safe filters for variables
 
  
 
 
{{Data|safe}}

 
 

  
  
 
   
Use Autoescape tags for code blocks
 
  
 
 
{% autoescape off%} {{Body}} {% Endautoescape%}

 
 

  
  
 
   
Label Autoescape accept on or off parameters
 
   
The auto-escape label is closed in the base template and is also closed in the child template
 
  
 
 
Back to top 4. String literals
 
 

  
  
 
   
Manual escape
 
  
 
 
{{data|default: ' <b>123</b> '}}

 
 

  
  
 
   
should be written as
 
  
 
 
{{data|default: ' &lt;b&gt;123&lt;/b&gt; '}}
4 template Layer-HTML escape