Django's automatic HTML escaping

For security reasons, Django templates escape certain HTML special characters in dynamically generated output. These five characters are escaped:
  • < is converted to &lt;
  • > is converted to &gt;
  • ' (single quote) is converted to &#39;
  • " (double quote) is converted to &quot;
  • & is converted to &amp;

This feature was added in Django 1.0 (release notes). If you have a Django web application on GAE and want to migrate from Django 0.96 to 1.2 (Django 1.2.5 has been available since GAE SDK 1.4.2), you must pay attention to it.

I use CKEditor in my web application. CKEditor always generates HTML code, so I need to turn off HTML escaping as shown below:
{{ content|safe }}
A detailed description of "automatic HTML escaping" is here.
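
With `|safe`, the template writes `content` to the page without escaping, so the markup has to be filtered on the server before it gets there. The following is an added example, not code from the original post: a small allow-list filter built on Python's standard `html.parser`; the tag list and the name `sanitize_editor_html` are assumptions of the example.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allow-list for this example; match it to what your editor toolbar emits.
ALLOWED_TAGS = {"p", "br", "strong", "em", "ul", "ol", "li", "a"}
VOID_TAGS = {"br"}                       # no closing tag is written for these
DROP_WITH_CONTENT = {"script", "style"}  # element and its text are both discarded


class _AllowListFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip = 0  # > 0 while inside a DROP_WITH_CONTENT element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        elif tag in ALLOWED_TAGS and not self.skip:
            href = ""  # the only attribute kept is an http(s) href on <a>
            if tag == "a":
                url = dict(attrs).get("href") or ""
                if url.lower().startswith(("http://", "https://")):
                    href = ' href="%s"' % escape(url, quote=True)
            self.out.append("<%s%s>" % (tag, href))

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag in ALLOWED_TAGS and tag not in VOID_TAGS and not self.skip:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip:  # text nodes are escaped again on the way out
            self.out.append(escape(data, quote=True))


def sanitize_editor_html(raw):
    # Rebuild the markup from allow-listed tags only; everything else is dropped.
    parser = _AllowListFilter()
    parser.feed(raw)
    parser.close()
    return "".join(parser.out)


# Constructed sample of submitted editor content.
SAMPLE = ('<p onclick="x()">Hi <strong>there</strong> & '
          '<a href="javascript:alert(1)">link</a></p>'
          '<script>alert(1)</script><img src=x onerror=alert(1)>')
```

Run the filter when the content is saved or just before rendering, and pass only its output to `{{ content|safe }}`.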
