On 2/01/2018 10:01 AM, Malik Rumi wrote:
> I even tried putting this at the top of my detail template, inside {&
> block content %}:
>
> <style>
>
> p }
p {
>
> color: red;
> }
>
> </style>
>
> But the result was the same:
>
> <p>This is all just to help me understand. I put this</p>
>
> So what am I doing wrong, here?
Django always converts your html tags. I would remove the autoescape and
try the safe filter all by itself. That may work but is not what I do.
I selectively permit some tags and prevent others using bleach and
Django's own mark_safe() in my views.
Bleach has a set of permissable tags by default and converts all others
to > and < entities. You can add to those defaults if you need to.
That means a bleached piece of text may have a mixture of genuine html
tags and converted (ie., harmless) tags which actually look like html
source but are not.
To get that piece of text to render properly is not possible if you just
render it as is because Django converts the remaining tags even after
bleaching. So you have to mark that piece of text safe before rendering it.
# in a view
from django.utils.safestring import mark_safe
renderable_text = mark_safe(piece_of_bleached_text)
Then in your template
{{ renderable_text | safe }}
You still need the safe filter because renderable_text still has genuine
html which you want the browser to recognise - even though bleach may
have converted some disallowed tags.
https://docs.djangoproject.com/en/1.11/howto/custom-template-tags/#filters-and-auto-escaping
Cheers
Mike
>
> */"None of you has faith until he loves for his brother or his
> neighbor what he loves for himself."/*
>
> On Mon, Jan 1, 2018 at 2:47 PM, Malik Rumi <malik.a.rumi@gmail.com
> <mailto:malik.a.rumi@gmail.com>> wrote:
>
> This also fails, and renders exactly as you now see it on my web
> page:
>
> {% autoescape off %}
> <h1 class="text-info">Yea, that's going to be a monster....</h1>
> {% endautoescape %}
>
> */"None of you has faith until he loves for his brother or his
> neighbor what he loves for himself."/*
>
> On Mon, Jan 1, 2018 at 2:28 PM, Malik Rumi <malik.a.rumi@gmail.com
> <mailto:malik.a.rumi@gmail.com>> wrote:
>
> Well, as I said at the beginning, I don't seem to 'get'
> autoescape and safe. For example, I put this in my template:
>
> {{ object.content|linebreaks|safe }}
>
> But the result in my web page is:
>
> <p>Friday, November 17, 2017<br>
>
> 5:36 pm</p>
>
> <h3>pga4 and mezz</h3>
>
> <p>I am happy to report.....
>
> So what am i doing wrong here? (I didn't know I could use safe
> in a view. Haven't tried that yet.)
>
>
> */"None of you has faith until he loves for his brother or his
> neighbor what he loves for himself."/*
>
> On Mon, Jan 1, 2018 at 1:32 PM, Jani Tiainen
> <redetin@gmail.com <mailto:redetin@gmail.com>> wrote:
>
> Hi.
>
> By default all strings processed through Django templating
> language are considered as unsafe. IOW all strings gets
> HTML escaped properly.
>
> To get around that you can either use safe filter or
> declare particular string as a safe in a view.
>
> 1.1.2018 20.47 "Malik Rumi" <malik.a.rumi@gmail.com
> <mailto:malik.a.rumi@gmail.com>> kirjoitti:
>
> Apparently I completely misunderstand the built in
> template tags {% autoescape &} and {% safe %}. Either
> they don't do what I expect, or I can't get them to do
> what I expect. But what I am trying to do is not at
> all unusual, so this post is all about learning from
> the community what are the best practices for getting
> this done.
>
>
> Simply put, I want to be able to put some style on any
> arbitrary text in any arbitrary article on my site.
>
>
> I have tried the version of TinyMCE built into
> Mezzanine. I found it both too limiting and too
> complex for my purposes. I also think the idea of
> using a wysiwg editor just to make a single word
> <b>bold</b> or with <font: color=yellow> highlighting
> is pretty heavy handed. There must be a better way.
> What is it?
>
>
> I did stumble across a snippet for a custom template
> tag, https://www.djangosnippets.org/snippets/1242/
> <https://www.djangosnippets.org/snippets/1242/>, but
> it is 9 years old and has only one comment in all that
> time. Although the comment is favorable, that's hardly
> what I would call a large and happy current user base.
> On the flip side, I assume this is not very different
> from how {% url %} works, so maybe it can be hacked to
> do what I'm talking about?
>
>
> I also looked at djangopackages, and the results were
> disappointing. Django-text looked promising, but the
> author wrote me that it is no longer in active
> development :-(
>
>
> So, all you experts out there, how do you solve this
> problem? Thanks.
>
>
> p.s. I am comfortable with html, but CSS and
> javascript, not so much. Doesn't mean I can't or won't
> learn if that's your go to option, I'm just letting
> you know where I am.
>
>
> p.s.s. HAPPY NEW YEAR TO ALL!
>
> --
> You received this message because you are subscribed
> to the Google Groups "Django users" group.
> To unsubscribe from this group and stop receiving
> emails from it, send an email to
> django-users+unsubscribe@googlegroups.com
> <mailto:django-users+unsubscribe@googlegroups.com>.
> To post to this group, send email to
> django-users@googlegroups.com
> <mailto:django-users@googlegroups.com>.
> Visit this group at
> https://groups.google.com/group/django-users
> <https://groups.google.com/group/django-users>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/0b700a53-7812-4a64-a690-0f606980179f%40googlegroups.com
> <https://groups.google.com/d/msgid/django-users/0b700a53-7812-4a64-a690-0f606980179f%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit
> https://groups.google.com/d/optout
> <https://groups.google.com/d/optout>.
>
> --
> You received this message because you are subscribed to a
> topic in the Google Groups "Django users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/django-users/qYY7V0h2E0k/unsubscribe
> <https://groups.google.com/d/topic/django-users/qYY7V0h2E0k/unsubscribe>.
> To unsubscribe from this group and all its topics, send an
> email to django-users+unsubscribe@googlegroups.com
> <mailto:django-users+unsubscribe@googlegroups.com>.
> To post to this group, send email to
> django-users@googlegroups.com
> <mailto:django-users@googlegroups.com>.
> Visit this group at
> https://groups.google.com/group/django-users
> <https://groups.google.com/group/django-users>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/CAHn91of%3DZkDbjJGXqeRGP48_Xufz9ULXc8myaLiCBS%3Da1QR15w%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-users/CAHn91of%3DZkDbjJGXqeRGP48_Xufz9ULXc8myaLiCBS%3Da1QR15w%40mail.gmail.com?utm_medium=email&utm_source=footer>.
>
>
> For more options, visit https://groups.google.com/d/optout
> <https://groups.google.com/d/optout>.
>
>
>
>
> --
> You received this message because you are subscribed to the Google
> Groups "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to django-users+unsubscribe@googlegroups.com
> <mailto:django-users+unsubscribe@googlegroups.com>.
> To post to this group, send email to django-users@googlegroups.com
> <mailto:django-users@googlegroups.com>.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/CAKd6oByrfqOSCMKamjdT_AFKQnP1dGZ7gbUdcj0Q9CkC5DeVVA%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-users/CAKd6oByrfqOSCMKamjdT_AFKQnP1dGZ7gbUdcj0Q9CkC5DeVVA%40mail.gmail.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/3a1e6237-db40-6999-8ea0-40d295e505e4%40dewhirst.com.au.
For more options, visit https://groups.google.com/d/optout.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment