Passing HTML to template using Flask/Jinja2
I'm building an admin for Flask and SQLAlchemy, and I want to pass the HTML for the different inputs to my view using render_template. The templating framework seems to escape the HTML automatically, so all <"'> characters are converted to HTML entities. How can I disable that so that the HTML renders correctly?
Solution 1:
To turn off autoescaping when rendering a value, use the |safe filter.
{{ something|safe }}
Only do this on data you trust, since rendering untrusted data without escaping is a cross-site scripting vulnerability.
Solution 2:
MarkupSafe provides Jinja's autoescaping behavior. You can import Markup and use it to declare a value HTML safe from the code:
from markupsafe import Markup
value = Markup('<strong>The HTML String</strong>')
Pass that to the templates and you don't have to use the |safe filter on it.
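The two approaches side by side, as an added example that is not part of either answer: a Jinja environment with autoescaping renders an untrusted string escaped, |safe renders it raw, and a Markup value passes through untouched. The helper render_input and the sample string UNTRUSTED are constructed for this example; it also shows that Markup's % operator escapes the plain strings interpolated into a trusted HTML skeleton, which is how the form inputs from the question can be built without trusting the field values.

```python
from jinja2 import Environment
from markupsafe import Markup

# Constructed sample: a string as an untrusted user could submit it.
UNTRUSTED = '<script>alert(1)</script>'


def render_input(name: str, value: str) -> Markup:
    """Build one admin form input (hypothetical helper for this example).

    The HTML skeleton is trusted code; name and value are data. Markup's %
    operator escapes plain-string operands, so quotes and angle brackets in
    the data cannot break out of the attribute.
    """
    return Markup('<input type="text" name="%s" value="%s">') % (name, value)


# Same default Flask uses for .html templates: autoescaping on.
env = Environment(autoescape=True)
TEMPLATE = env.from_string('{{ plain }}|{{ plain|safe }}|{{ widget }}')


def render_all(plain: str, widget: Markup) -> str:
    """Render the same data three ways: escaped, |safe (raw), and Markup."""
    return TEMPLATE.render(plain=plain, widget=widget)


if __name__ == '__main__':
    print(render_input('q', UNTRUSTED))
    print(render_all(UNTRUSTED, render_input('q', 'x')))
```

The first segment of render_all's output is what autoescaping gives you for free; the second is what |safe would emit if the value were attacker-controlled.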