MozSecureWorld FAQ: Difference between revisions

From MozillaWiki
Revision as of 05:18, 14 June 2011

MozSecureWorld FAQ/Notes

FAQ

CSRF error

Django's fix for CSRF can be found in the tutorial, where you put in:

template.html:

{% csrf_token %}


views.py:

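from django.shortcuts import render_to_response
from django.template import RequestContext

def my_view(request):  # placeholder view name; the original elides it
    # RequestContext runs the context processors, which supply the CSRF token
    return render_to_response('template.html', {'var_name': var_value}, context_instance=RequestContext(request))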

But in the demo's setup, which uses jingo and other components, it looks like this instead:

template.html:

{{ csrf() }}

views.py:

import jingo

def my_view(request):  # placeholder view name; the original elides it
    return jingo.render(request, 'template.html', {"var_name": var_value})

HTML is not rendered

Solution: Use Django's |safe template filter (https://docs.djangoproject.com/en/dev/ref/templates/builtins/#safe).

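Problem: After using bleach, the allowed tags show up as literal text ("<b>should be bolded</b>") instead of being rendered as bold text, because the template auto-escapes the cleaned string. To fix this, add "|safe" in template.html, and only on values that bleach has already cleaned:

{{richtext.comment|safe}}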
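Why the cleaned comment needs |safe, and why |safe must only follow cleaning, shown as an added example that is not code from this wiki page or the demo app. It uses only the Python standard library: `clean`, `Safe` and `render` are hypothetical stand-ins for the bleach step, the |safe filter and an auto-escaping template, and the allowlist and input are constructed.

```python
import html
from html.parser import HTMLParser

ALLOWED_TAGS = {"b", "i", "em", "strong"}  # constructed allowlist for this example


class _Allowlist(HTMLParser):
    """Keeps allowlisted tags (attributes dropped); escapes all other markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")
        else:
            self.out.append(html.escape(self.get_starttag_text()))

    def handle_endtag(self, tag):
        end = f"</{tag}>"
        self.out.append(end if tag in ALLOWED_TAGS else html.escape(end))

    def handle_data(self, data):
        self.out.append(html.escape(data))


def clean(untrusted):
    """Hypothetical stand-in for the bleach cleaning step."""
    parser = _Allowlist()
    parser.feed(untrusted)
    parser.close()
    return "".join(parser.out)


class Safe(str):
    """Marker playing the role of the |safe filter."""


def render(value):
    """Models {{ value }} in an auto-escaping template."""
    return str(value) if isinstance(value, Safe) else html.escape(value)


if __name__ == "__main__":
    comment = '<b onclick="x()">should be bolded</b><script>alert(1)</script>'  # constructed input
    print(render(clean(comment)))        # tags visible as text: the FAQ's problem
    print(render(Safe(clean(comment))))  # <b> renders, <script> stays escaped
    print(render(Safe(comment)))         # |safe without cleaning: markup passes through
```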