Convert \ n to mako file

Question

Convert \ n to mako file

I am using python with props

I want to display the saved data from a text field in a mako file with new lines correctly formatted for display

Is this the best way to do this?

> ${c.info['about_me'].replace("\n", "<br />") | n}

+4

python mako pylons

Joe Gibbons Feb 18 '10 at 0:33

source share

6 answers

madjar · Answer 1 · 2012-09-27T13:38:47+0000

The problem with your solution is that you bypass the string escaping, which can lead to security problems. Here is my solution:

 <%! import markupsafe %> ${text.replace('\n', markupsafe.Markup('<br />'))}

or, if you want to use it more than once:

 <%! import markupsafe def br(text): return text.replace('\n', markupsafe.Markup('<br />')) %> ${text | br }

This solution uses markupsafe , which mako uses to mark safe strings and knows that you need to escape. We mark <br/> safe and not the rest of the line, so it will be escaped if necessary.

jathanism · Answer 2 · 2010-02-18T00:55:11+0000

It seems to me that this is great.

Remember that replace() returns a copy of the original string and does not change it. Since this replacement is for display purposes only, it should work fine.

Here is a small visual example:

 >>> s = """This is my paragraph. ... ... I like paragraphs. ... """ >>> print s.replace('\n', '<br />') This is my paragraph.<br /><br />I like paragraphs.<br /> >>> print s This is my paragraph. I like paragraphs.

The original string remains unchanged. So ... Is this the best way to do this?

Ask yourself: does it work? Is it really quickly completed the work, without resorting to terrible hacks? Then yes, this is the best way.

ccmonkey · Answer 3 · 2010-02-18T01:01:10+0000

Beware that line breaks in <textarea> should be represented as \r\n according to http://www.w3.org/TR/REC-html40/interact/forms.html#h-17.13.4

To be safe, try s.replace('\r\n', '<br />') , then s.replace('\n', '<br />') .

jeffcook2150 · Answer 4 · 2011-09-11T22:13:45+0000

It seems to me that this is dangerous for me, because it prints the entire line without escaping, which allows you to visualize arbitrary tags. Before printing, make sure that you clear user input using lxml or similar. Beware that lxml will be inserted into the HTML tag, it just cannot handle things that are not like that, so be prepared to remove it manually or configure your CSS for placement.

shiny · Answer 5 · 2014-01-09T09:42:22+0000

try this, it will work: -

 ${c.info['about_me'] | n}

Mr-f · Answer 6 · 2012-10-16T21:17:29+0000

There is also a simple help function that can be called that will format and edit the text, correctly replacing \ n for tags (see http://sluggo.scrapping.cc/python/WebHelpers/modules/html/converters.html ).

In helpers.py add the following:

 from webhelpers.html.converters import textilize

Then in your mako file just say

 h.textilize( c.info['about_me'], santize=True)

Santize = True means that it will make sure that any other nasty codes will be escaped so that users cannot hack your site, since the default is False. As an alternative, I make a simple wrapper function in helpers, so santize = True is always True ie

 from webhelpers.html.converters import textilize as unsafe_textilize def textilize( value, santize=True): return unsafe_textilize( value, santize )

So you can just call h.textilize (c.info ['about_me']) from your mako file, which if you work with a lot of designers will prevent them from going crazy.

Convert \ n to mako file

More articles: