发表新帖
发表新帖

How do I output HTML in a message in the new Django messages framework?

后端 未结
关注
8 1070
花落未央
花落未央 2020-12-04 21:37

I\'m trying to display a bit of html in a message that\'s being displayed via the new Django messages framework. Specifically, I\'m doing this via the ModelAdmin.message_use

相关标签:
8条回答
  • 孤街浪徒
    2020-12-04 21:53

    Have you tried {{ message | safe }}?

    In the Django template system template variables are always escaped, unless you specify them as safe with the safe filter. This default makes even the unaware protected against an injection attack.

    I'm not sure how that interacts with mark_safe, but perhaps something happened in between that made it unsafe again.

    0 讨论(0)
  • 伪装坚强ぢ
    2020-12-04 21:55

    As Ryan Kaske said here, the correct way is to use {{ message.message }} instead of {{ message }}. e.g.

    {% if messages %}
    <ul class="messagelist">
        {% for message in messages %}
            <li>{{ message.message }}</li>
        {% endfor %}
    </ul>
{% endif %}
    0 讨论(0)
  • 耶瑟儿~
    2020-12-04 21:59

    The entire point of the templating system is to deal with strings and data like this.

    While every other answer instructs you to mark your built string as safe, I would go one step further and tell you to never use HTML in your code - always use a template instead.

    The template system makes sure things are properly escaped so you don't have to worry about it, and it's much harder for the programmer to get into the situation where they're building up an HTML string out of a bunch of ifs, and user data.

    app/templates/app/fragments/google_link.html:

    <a href="https://www.google.com">Here's Google!</a>

    views.py:

    from django.template import loader

...

def view(request):
    messages.info(
        request,
        loader.render_to_string(
            'app/fragments/google_link.html',
            {},
            request=request,
        ),
    )
    0 讨论(0)
  • 北海茫月
    2020-12-04 22:04

    You can use format_html. It applies escaping to all arguments.

    For example, if we can link with a 'mymodel' detail using an attribute call 'name':

    from django.contrib import messages
from django.utils.html import format_html


message = format_html("{} <a href='{}'>{}</a>",
                      "This is the mymodel", 
                      reverse('myapp:mymodel-detail', args=(mymodel.id,)),
                      mymodel.name)
messages.info(request, message)

    This answer is based on https://stackoverflow.com/a/33751717/3816639

    0 讨论(0)
  • 夕颜
    2020-12-04 22:05

    This worked for me (Django 1.11):

    from django.contrib import messages
from django.utils.safestring import mark_safe

messages.info(request, mark_safe('This is link to <a href="http://google.com">http://google.com</a>'))
    0 讨论(0)
  • 天涯浪人
    2020-12-04 22:08

    Another option is to use extra_tags keyword arg to indicate that a message is safe. Eg

    messages.error(request, 'Here is a <a href="/">link</a>', extra_tags='safe')

    then use template logic to use the safe filter

    {% for message in messages %}
    <li class="{{ message.tags }}">
    {% if 'safe' in message.tags %}{{ message|safe }}{% else %}{{ message }}{% endif %}
    </li>
{% endfor %}
    0 讨论(0)
 看不清?
提交回复
热议问题