[Flask] [EXT] Re: render_template_string doesn't render
Patrick L Jones
plj at mitre.org
Mon Aug 16 08:32:15 EDT 2021
Greetings,
I tried the suggestions:
return render_template_string("""
{% autoescape false %}
<h1>PLEASE CLOSE THIS WINDOW</h1>
{% endautoescape %}
""")
What was rendered on the page was:
"\n \n <h1>PLEASE CLOSE THIS WINDOW</h1>\n \n "
Any idea of what I'm doing wrong or how to make it render the string?
Thank you,
Pat
-----Original Message-----
From: Flask <flask-bounces+plj=mitre.org at python.org> On Behalf Of Dennis Lee Bieber
Sent: Friday, August 13, 2021 5:29 PM
To: flask at python.org
Subject: [EXT] Re: [Flask] render_template_string doesn't render
On Fri, 13 Aug 2021 18:48:55 +0000, Patrick L Jones <plj at mitre.org> declaimed the following:
>def get(self):
>    return render_template_string('<h1>PLEASE CLOSE THIS WINDOW</h1>')
Per some documentation
https://flask.palletsprojects.com/en/2.0.x/templating/
"""
Unless customized, Jinja2 is configured by Flask as follows:
autoescaping is enabled for all templates ending in .html, .htm, .xml as well as .xhtml when using render_template().
autoescaping is enabled for all strings when using render_template_string().
a template has the ability to opt in/out autoescaping with the {% autoescape %} tag.
"""
"""
Autoescaping is the concept of automatically escaping special characters for you. Special characters in the sense of HTML (or XML, and thus XHTML) are &, >, <, " as well as '. Because these characters carry specific meanings in documents on their own you have to replace them by so called “entities” if you want to use them for text. Not doing so would not only cause user frustration by the inability to use these characters in text, but can also lead to security problems. (see Cross-Site Scripting (XSS))
Sometimes however you will need to disable autoescaping in templates. This can be the case if you want to explicitly inject HTML into pages, for example if they come from a system that generates secure HTML like a markdown to HTML converter.
"""
"""
To disable the autoescape system in templates, you can use the {% autoescape %} block:
{% autoescape false %}
<p>autoescaping is disabled here
<p>{{ will_not_be_escaped }}
{% endautoescape %}
"""
--
Wulfraed Dennis Lee Bieber AF6VN
wlfraed at ix.netcom.com http://wlfraed.microdiversity.freeddns.org/
_______________________________________________
Flask mailing list
Flask at python.org
https://mail.python.org/mailman/listinfo/flask
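
Added example, not part of the original thread or of Flask's documentation: it shows where the autoescaping described in the quoted documentation applies under render_template_string(). The function names and the sample value are constructed for illustration, and the last function rests on an assumption the thread does not confirm: that the view's return value is JSON-encoded before it reaches the browser.

```python
import json

from flask import Flask, render_template_string
from markupsafe import Markup

app = Flask(__name__)

# Constructed sample standing in for an untrusted request value.
UNTRUSTED = "<script>alert(1)</script>"

CLOSE_PAGE = """
{% autoescape false %}
<h1>PLEASE CLOSE THIS WINDOW</h1>
{% endautoescape %}
"""


def render(template, **context):
    """Render a template string inside a throwaway request context."""
    with app.test_request_context():
        return render_template_string(template, **context)


def literal_markup():
    # Markup typed into the template is emitted as-is, tag or no tag.
    return render("<h1>PLEASE CLOSE THIS WINDOW</h1>")


def escaped_variable():
    # Default for render_template_string(): {{ }} output is HTML-escaped.
    return render("<p>{{ value }}</p>", value=UNTRUSTED)


def unescaped_variable():
    # With autoescape off the same value reaches the page raw (XSS risk).
    return render(
        "{% autoescape false %}<p>{{ value }}</p>{% endautoescape %}",
        value=UNTRUSTED,
    )


def trusted_fragment():
    # Narrower option: keep autoescaping on, mark one vetted value safe.
    return render("<p>{{ value }}</p>", value=Markup("<b>done</b>"))


def json_encoded_page():
    # Assumption: JSON-encoding yields the quoted form with literal \n.
    return json.dumps(render(CLOSE_PAGE))
```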