I pull a feed from rss and store the data in a appengine db. The rss feed content includes the entire html. So I have this python code:
@app.route("/rssRead")
def pullRss():
feedItem = db.getFeedItemByName(request.args.get('title',None), request.args.get('key',None))
return render_template("rss.html", data= Markup(feedItem.html).unescape())
And my html template looks like this:
{% extends "layout.html" %}
{% block body %}
{{ data }}
{% endblock %}
So when I view the page I have the actual html markup being displayed, how do I unescape the html data?
This should work too.
{% extends "layout.html" %}
{% block body %}
{{ data|safe }}
{% endblock %}
Instead of data=Markup(feedItem.html).unescape(), you should be using data=Markup(feedItem.html). That will do the right thing and keep your template clean.
Calling unescape() here is pointless (unless feeditem.html contains pre-escaped html, which it probably doesn't). More importantly, using unescape() here produces a string/unicode object instead of a Markup object, which keeps Jinja2 from recognizing that the field contains html that needs escaping. This defeats Jinja2's automatic escaping ability (that's the purpose of the Markup class!) I also forces your future template maintainers to remember that this field requires manual escaping, which clutters the template code with extra calls.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论