I'm using CKEditor rich text field for my Django blog app. But not getting the desired output. If I write some heading text, on the front end the output is <h1> Hello </h1>. But I don't want heading tags, I also tried to striptags but in that case, the output is not heading it is simple paragraph text
index.html
{% for posts in post %}
<div>{{posts.content|striptags}}</div>
{% endfor %}
Rich text model
content = RichTextField(blank = True ,null = True)
I guess you want the safe filter, which tells django you know you are doing something a little bit dangerous, and it should not try to protect you.
{% posts.content|safe %}
that will actually render the html (including any malicious javascript a user may have entered (ie i would strongly recomend using a package like bleach or html-sanitizer to only allow specific html tags)
I'd like to separate numerical values in the form with a comma in my Django project.
Then I found the documentation below:
https://docs.djangoproject.com/en/2.0/ref/contrib/humanize/
I thought that I can use 'intcomma' for my purpose. So I added "django.contrib.humanize" to my INSTALLED_APPS setting. And put {% load humanize %} in a template.
When I use 'intcomma' like below, it worked.
{{ 999999|intcomma }} # 999,999
But It did not work for integer form like below:
{{ form.numbers|intcomma }} # did not work.
A code was displayed to html instead of numbers like this:
<input type="number" name="int_sample" value="100000" id="id_int_sample"
My Django version is 2.0.1.
Formatting the value of an IntegerField
You access the value of an IntegerField with the .value attribute, so:
{{ form.numbers.value|intcomma }}
Note that this is the value set to the Form when you construct it. For example through initial={..} or the value that corresponds to the instance=... you pass to the field. If you for example in th form change the value, the content will not change.
Generating an <input> with number formatting
In case we want the <input> element itself to format the number separated with comma's, we will need some HTML/JavaScript. Since Django basically only renders a webpage. How the webpage behaves in the browser is not really the responsibility of Django.
We can for example use the following approach:
<script language="JavaScript">
function commas(input){
input.value = Number(input.value).toLocaleString();
}
</script>
{{ form.numbers }}
And the Form should then make sure the commas function is invoked:
SomeForm(forms.Form):
numbers = forms.IntegerField(
widget=forms.TextInput(attrs={'onclick':'commas(self)'})
)
I'd like to use jinja2 for rendering strings like "Value is {{ obj.value }}".
I only want to allow substituting template variables = the {{ }} syntax.
I do not want to allow any logic whatsoever = the {% %} syntax.
How do I make jinja2 rendering "less powerful" to achieve this?
Security concerns? Note that while these templates are to be input by the user, the rendered output will be rendered via jinja2 again, as part of an HTML template. So characters like < and > will be escaped before becoming HTML as sent to the browser.
I have a comment_form.html template, which is used in multiple places in my app, and I'd like to be able to pass the endpoint's url into that template from a parent template. Normally I would do this using the with tag:
{% with endpoint='/comments' %}
{% include 'comment_form.html' %}
{% endwith %}
The problem is that I can't use a string literal '/comments' here, but instead I need a url tag, like so: {% url 'blog:comments:comments' username=post.user.username object_id=post.id %}. The with template tag seems to expects a literal or a context variable and doesn't seem to be able to comprehend "use the result of another template tag".
One solution would be to pass the strings 'blog:comments:comments', post.user.username, post.id all separately. But this is a problem because different uses of the comment form may require different arguments to uniquely define the endpoint.
How can I use with with the result of another template tag?
You can't, but you don't need to. The url tag has an alternative syntax that injects is result into the context:
{% url 'blog:comments:comments' username=post.user.username object_id=post.id as endpoint %}
Django treats {{ var }} as some variable in its template. How can I escape {{ var }} or {{ or }} such that django does not treat it as variable.
<p>"{{ some text }}"</p> Should prints exactly the same.
Django 1.5 introduced {% verbatim %} template tag. It stops template from parsing contents of this tag:
{% verbatim %}
{{ var }}
{% endverbatim %}
will be rendered as:
{{ var }}
I believe you are looking for the templatetag template tag.
As the linked-to doc states,
Since the template system has no concept of "escaping", to display one of the bits used in template tags, you must use the {% templatetag %} tag.
For example:
<p>"{% templatetag openvariable %} some text {% templatetag closevariable %}"</p>
will appear as so:
<p>"{{ some text }}"</p>
Edit: I don't really recommended this because it's not very clean, but it's still an option.
I was searching for one that I could use with JQuery Templates and figured a way to do it without tags or filters. This is as short as I could get it:
{{ "{{ any text }" }}}
Is printed as:
{{ any text }}
Why it works? Any text within {{}} is displayed as is, as long as it doesn't have two closing braces }} in a row. Then there are three brackets in a row, django interprets two first ones as end of the variable leaving one additional closing brace.
You can try escaping with html character escapes like:
{ = {
} = }
<p>"{{ some text }}"</p>
Update
In case anyone is trying to use the actual tags for javascript, verbatim is a better solution:
Stops the template engine from rendering the contents of this block tag.
{% verbatim %}
{{if dying}}Still alive.{{/if}}
{% endverbatim %}
if you simply need to use {{ }} as a variable for template framework like angularjs, then following maybe simpler:
in your <app path>/templatetags/ngvar.py , add
from django import template
register = template.Library()
#register.simple_tag
def ngvar(var_name):
return "{{%s}}" % var_name
and in template, do
{% load ngvar %}
{% ngvar "variable name" %}
if ngvar.py is the first template tag, then make sure to add __init__.py file to the templatetags directory
Another option would be to add a word joiner (zero width no-break space) between each curly bracket:
<p>"{{ some text }}"</p>
Although the above answers can solve the original problem, I add some hack around here for those who are scratching their heads like me.
Some times, we want to render a single brace followed by a variable. For example, in BibTeX, there may be something look like this:
#MISC{hu2012-spectral,
author = {Hu, Pili},
title = {Spectral Clustering Survey},
howpublished = {GitHub, https://github.com/hupili/tutorial/tree/master/spectral-clustering},
month = {May},
year = {2012}
}
Those bib fields come from template variables. If you write
title = {{{title}}},
jinja can not compile and raise an error. If you write
title = { {{title}} },
there will be extra blanks. The hack around is to store '{' and '}' as variables and use later.
{% set lb = '{' %}
{% set rb = '}' %}
...
#MISC{{lb}}{{ meta.bib_key }},
author = {{lb}}Hu, Pili{{rb}},
title = {{lb}}{{ meta.title }}{{rb}},
howpublished = {{lb}}GitHub, https://github.com/hupili/tutorial/tree/master/{{ auto.path}}{{rb}},
month = {{lb}}{{ meta.month }}{{rb}},
year = {{lb}}{{ meta.year }}{{rb}}
}
This looks clumsy but it is the best I find so far. If you have a cleaner solution, please tell me.
This template tag (designed for use with jQuery Templates) might do the trick. It let's you wrap content you don't want Django to interpret as variables with a template tag.
it can be solved by avoing adjacent angular backets, if its inside javascript code then you can write
'{'+'{address.'+key+'}}'
I used this to print jinja variables into another template,using javascript.
Jinja, which is what is being used for the templates, offers several suggestions for escaping here. What has worked best for me is using something like "{% raw %}{{ some text }}{% endraw %}"