HTML escape
- Django automatically HTML-escapes strings rendered from template variables, for example the value of `t1` passed in by the following view:
View code: `def index(request): return render(request, 'temtest/index2.html', { 't1': '`
Characters that will be automatically escaped
- HTML escaping means that HTML tags contained in the output are displayed as literal text rather than interpreted by the browser. This matters because a string submitted by a user may contain malicious code, such as a JS script.
- Django automatically escapes the following characters:
  - `<` is converted to `&lt;`
  - `>` is converted to `&gt;`
  - `'` (single quote) is converted to `&#x27;` (`&#39;` in older Django releases)
  - `"` (double quote) is converted to `&quot;`
  - `&` is converted to `&amp;`
- The escape filter can be applied when displaying untrusted variables, but it is generally omitted because Django escapes automatically:
{{t1|escape}}
Turning off escaping
- Use the safe filter on a single variable:
{{ data|safe }}
- Use the autoescape tag for a whole block of template:
{% autoescape off %}{{ body }}{% endautoescape %}
- The autoescape tag accepts on or off as its argument.
- If auto-escaping is turned off in a base template, it is also off in the child templates that extend it.
String literals
- String literals used as filter arguments are written by the template author rather than supplied by the user, so Django inserts them without escaping:
{{ data|default:"<b>123</b>" }}
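The following is an added example, not code from the original page or from Django itself. It reimplements the escaping table above in plain Python so it runs without Django installed, and uses a `SafeString` marker class of my own to approximate how the `safe` and `escape` filters, the `autoescape` tag and a string-literal filter argument interact. The `USER_INPUT` value is constructed to contain every character in the table.

```python
import html  # standard library, used only for a reference check

# Characters converted by auto-escaping (same table as above).
# '&' must be replaced first, otherwise the other entities get escaped twice.
_ESCAPES = [
    ("&", "&amp;"),
    ("<", "&lt;"),
    (">", "&gt;"),
    ('"', "&quot;"),
    ("'", "&#x27;"),
]


class SafeString(str):
    """A string the template author has declared safe; auto-escaping leaves it alone.
    Assumption: stand-in for the marker that Django's safe filter / mark_safe() attach."""


def escape(value):
    """Apply the five replacements; the result is marked safe so it is never escaped twice."""
    text = str(value)
    for raw, entity in _ESCAPES:
        text = text.replace(raw, entity)
    return SafeString(text)


def conditional_escape(value):
    """Escape unless the value is already marked safe (what {{ var }} does with autoescape on)."""
    if isinstance(value, SafeString):
        return value
    return escape(value)


def render_var(value, autoescape=True):
    """What {{ value }} produces inside an {% autoescape on %} or {% autoescape off %} block."""
    if not autoescape:
        return str(value)
    return conditional_escape(value)


def default_filter(value, literal):
    """{{ value|default:"<b>123</b>" }}: the argument is a literal written by the template
    author, so it is treated as already safe and inserted without escaping."""
    return value if value else SafeString(literal)


# Constructed untrusted input covering <, >, ', " and &.
USER_INPUT = '<script>alert(\'x\')</script> & "Jerry"'


def demo():
    """Render the same untrusted value under each of the rules described above."""
    return {
        "autoescape_on": render_var(USER_INPUT),                    # escaped
        "autoescape_off": render_var(USER_INPUT, autoescape=False), # raw, browser would run it
        "safe_filter": render_var(SafeString(USER_INPUT)),          # raw, author opted out
        "escape_filter": render_var(escape(USER_INPUT)),            # same as autoescape_on
        "default_literal": render_var(default_filter("", "<b>123</b>")),  # literal not escaped
    }


def matches_stdlib():
    """Sanity check: html.escape(quote=True) uses the same five entities."""
    return escape(USER_INPUT) == html.escape(USER_INPUT, quote=True)


if __name__ == "__main__":
    for name, out in demo().items():
        print(f"{name:16} {out}")
    print("matches html.escape:", matches_stdlib())
```

The `escape_filter` entry shows why `{{ t1|escape }}` is normally redundant: the filter marks its result safe, so the auto-escaping pass leaves it untouched and the output is identical to `{{ t1 }}`. The two raw entries are the ones to look for when reviewing templates, since `safe` and `autoescape off` are the only ways user-controlled markup reaches the browser uninterpreted by the escaping step.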