MozSecureWorld FAQ: Difference between revisions
Jump to navigation
Jump to search
| Line 28: | Line 28: | ||
return jingo.render(request, 'template.html', {"var_name": var_value}) | return jingo.render(request, 'template.html', {"var_name": var_value}) | ||
</pre> | </pre> | ||
=== HTML is not rendered === | |||
Solution: Use Django [https://docs.djangoproject.com/en/dev/ref/templates/builtins/#safe |safe] | |||
Problem: After using bleach, the safe tags show up "<b>" instead of being rendered, you have to add a "|safe" to the template: {{ richtext.comment|safe }} | |||
Revision as of 04:52, 14 June 2011
MozSecureWorld FAQ/Notes
FAQ
CSRF error
Django's fix to CSRF can be found in the tutorial. Where you put in
template.html:
{% csrf_token %}
views.py:
from django.shortcuts import render_to_response
from django.template import RequestContext
def ...
return render_to_response('template.html', {'var_name': var_value}, context_instance=RequestContext(request))
But in the demo's setup with jingo and other stuff: template.html:
{{ csrf() }}
views.py:
import jingo
return jingo.render(request, 'template.html', {"var_name": var_value})
HTML is not rendered
Solution: Use Django |safe
Problem: After using bleach, the safe tags show up "<b>" instead of being rendered, you have to add a "|safe" to the template: Template:Richtext.comment