When should I use escape and safe in Django’s template system?

by

Actually, it depends. Django’s templating engine does escaping automatically, so you don’t really need to escape.

If you add template filter “safe” like {{c.title|safe}} then you do need to worry about things like html injection, because “safe” marks the string as such and it means that it won’t be escaped.

There is also an {% autoescape on %}…{% endautoescape %} template tag, where “on” can be changed to “off”, if necessary. By default it’s on and the tag is not needed.

Other template engines may not be escaping by default, Jinja2 is one of them.

More Related Contents:

  1. Django template how to look up a dictionary value with a variable
  2. How to encode UTF8 filename for HTTP headers? (Python, Django)
  3. How do I use Django templates without the rest of Django?
  4. Rendering JSON objects using a Django template after an Ajax call
  5. Override existing Django Template Tags
  6. Does the django-rest-framework provide an admin site to manage models?
  7. How to convert JSON data into a Python object?
  8. Django set default form values
  9. Django filter queryset __in for *every* item in list
  10. Django, creating a custom 500/404 error page
  11. How do I force Django to ignore any caches and reload data?
  12. ImproperlyConfigured: You must either define the environment variable DJANGO_SETTINGS_MODULE or call settings.configure() before accessing settings
  13. Django: Adding “NULLS LAST” to query
  14. Serving dynamically generated ZIP archives in Django
  15. Django Admin – change header ‘Django administration’ text
  16. How can I save my secret keys and password securely in my version control system?
  17. many-to-many in list display django
  18. How to filter (or replace) unicode characters that would take more than 3 bytes in UTF-8?
  19. Bypass confirmation prompt for pip uninstall
  20. Heroku fails to install pywin32 library
  21. Running django tutorial tests fail – No module named polls.tests
  22. Simple approach to launching background task in Django
  23. django-cors-headers not work
  24. How does the order of mixins affect the derived class?
  25. Django 1.9 deprecation warnings app_label
  26. How to assign a local file to the FileField in Django?
  27. ImportError: Could not import settings
  28. Django: When to customize save vs using post-save signal
  29. Add custom form fields that are not part of the model (Django)
  30. Can a dictionary be passed to django models on create?

Leave a Comment