Why and when to use the Django mark_safe() function

After reading the documentation, mark_safe() still seems like a myth. I think this is due to CSRF. But why and when should mark_safe() be used?

Here is the documentation

mark_safe [source]

Explicitly mark a string as safe for (HTML) output. The returned object can be used everywhere a string or unicode object is appropriate.

It can be called multiple times on the same string.

To build HTML snippets, you should normally use django.utils.html.format_html() instead.

A string marked safe will become unsafe again if modified. For example:

+8
1 answer

Django escapes all template output by default unless the string has been explicitly marked "safe".

Compare PHP and Python:

PHP:

<? echo $foo ?>

outputs:

<script src="evil">

Django:

{{ foo }}

outputs:

&lt;script src="evil"&gt;

Now suppose you want to output <a href="link">text</a>. Django will escape the &lt;&gt;. If you know the string is safe, you can use mark_safe on it, but never on content you do not control (i.e. user input).

{{ foo|safe }} and {% autoescape off %}{{ foo }}{% endautoescape %} tell Django the same thing from within the template.

So where do you use mark_safe? In template tags, which are Python code, for example {{ foo|mylinkifyfunction }} (i.e. find the URLs in foo and wrap them in <a href=""></a> tags).

+13
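A stdlib-only model of what the answer describes, added here as an example (it is not Django's code and not part of the original post): the SafeString, mark_safe, conditional_escape and format_html names mirror django.utils.safestring and django.utils.html but are simplified re-implementations, and the two linkify filters, the URL regex and the sample comment are constructed for the demo. It shows why a linkify filter must escape the untrusted text before calling mark_safe.

```python
import html
import re

class SafeString(str):
    """A str subclass the template engine would output without escaping."""

def mark_safe(s: str) -> SafeString:
    return SafeString(s)

def conditional_escape(value) -> SafeString:
    """Escape unless the value is already marked safe (Django's rule)."""
    if isinstance(value, SafeString):
        return value
    return SafeString(html.escape(str(value), quote=True))

def format_html(fmt: str, *args) -> SafeString:
    """Escape every argument first, then mark the assembled markup safe."""
    return mark_safe(fmt.format(*(conditional_escape(a) for a in args)))

def render(value) -> str:
    """What {{ value }} produces with autoescaping on."""
    return str(conditional_escape(value))

# Constructed URL pattern for the demo; stops at whitespace and HTML delimiters.
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def linkify_unsafe(text: str) -> SafeString:
    # WRONG: marks the whole result safe while `text` is still raw user input,
    # so any markup the user typed is rendered verbatim.
    return mark_safe(URL_RE.sub(r'<a href="\g<0>">\g<0></a>', text))

def linkify(text: str) -> SafeString:
    # RIGHT: escape the surrounding text, build each anchor with format_html
    # (which escapes the URL), and only then mark the joined result safe.
    out, pos = [], 0
    for m in URL_RE.finditer(text):
        out.append(conditional_escape(text[pos:m.start()]))
        out.append(format_html('<a href="{0}">{0}</a>', m.group(0)))
        pos = m.end()
    out.append(conditional_escape(text[pos:]))
    return mark_safe("".join(out))

if __name__ == "__main__":
    # Constructed sample: a user comment with a link and an injected script tag.
    comment = 'see https://example.org <script src="evil"></script>'
    print(render(comment))                  # all escaped, link not clickable
    print(render(linkify_unsafe(comment)))  # <script> survives: stored XSS
    print(render(linkify(comment)))         # link clickable, <script> escaped
```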

Source: https://habr.com/ru/post/1609107/
