How do I prevent Django from auto-escaping HTML



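I entered responsibility.description through the Django admin panel, and it contains an embedded <a>. When displaying it in the template, I want the <a> to appear as a link, not as &lt;a&gt;.

I found this suggestion (How to disable autoescape in django feeds?), but it doesn't seem to work for me.

I tried marking it as safe: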

{% for responsibility in software.responsibilities.all %}
    <li>{{ responsibility.description|safe }}</li>
{% endfor %}

and also turning autoescape off:

{% for responsibility in software.responsibilities.all %}
    {% autoescape off %}
        <li>{{ responsibility.description }}</li>
    {% endautoescape %}
{% endfor %}

Am I missing something, or is there something else I can try?

This is the data as stored in the database:

>>> Responsibility.objects.filter(id=38)
<QuerySet [<Responsibility: Created and ran test suites using a proprietary testing framework for “Stubbs the Zombie” (<a target="_blank" href="http://www.imdb.com/title/tt0498128/fullcredits?ref_=tt_cl_sm#cast">credited</a>), a game for Windows, Mac, and X-Box written in C/C++ utilizing the Halo game engine.>]>

This is how it appears in the HTML:

<li>Created and ran test suites using a proprietary testing framework for "Stubbs the Zombie" (&lt;a target="_blank" href="http://www.imdb.com/title/tt0498128/fullcredits?ref_=tt_cl_sm#cast"&gt;credited&lt;/a&gt;), a game for Windows, Mac, and X-Box written in C/C++ utilizing the Halo game engine.</li>

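You can use the html module's unescape method, which:

Converts all named and numeric character references (e.g. &x3e;) in the string to the corresponding Unicode characters.

You can use it in one or both of the following ways:

  1. When you receive the data to be stored in the database (POST, PUT, etc.):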

    from html import unescape
    to_be_stored = unescape(input_data)
    

    Then store to_be_stored in your database.

  2. When you send the data from the database to the template (GET, LIST, etc.):

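    from html import unescape
    class MyView():
        ...
        def get(self):
            ...
            # .get() returns a single instance; .filter() returns a QuerySet,
            # which has no .description attribute
            responsibility = Responsibility.objects.get(id=your_id)
            response['responsibility'] = unescape(responsibility.description)
            ...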
    

    Then return/render/etc. the response.
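
The unescape approach above only yields a clickable link if the result is then rendered without escaping, which emits whatever markup the field contains. The following is an added example, not code from any of the posts: a standard-library allowlist filter that unescapes the stored text, keeps only <a> links with an http/https href, and escapes everything else. The names links_only, _LinkOnly, _safe_href and the SAMPLE string are assumptions made for this example.

```python
from html import escape, unescape
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # relative, javascript: and data: URLs are rejected


def _safe_href(attrs):
    """Return the href if it is an absolute http(s) URL, else None."""
    href = (dict(attrs).get("href") or "").strip()
    try:
        scheme = urlsplit(href).scheme.lower()
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return None
    return href if scheme in ALLOWED_SCHEMES else None


class _LinkOnly(HTMLParser):
    """Re-emit text escaped; keep <a href> only, drop all other markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_links = [], 0

    def handle_starttag(self, tag, attrs):
        href = _safe_href(attrs) if tag == "a" else None
        if href is not None:
            # Attributes are rebuilt from scratch, so onclick=, style= etc. never survive.
            self.out.append('<a href="%s" target="_blank" rel="noopener noreferrer">'
                            % escape(href, quote=True))
            self.open_links += 1

    def handle_endtag(self, tag):
        if tag == "a" and self.open_links:
            self.out.append("</a>")
            self.open_links -= 1

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def links_only(stored):
    """Hypothetical helper: unescape a stored description, keep only safe links."""
    parser = _LinkOnly()
    parser.feed(unescape(stored))
    parser.close()
    return "".join(parser.out) + "</a>" * parser.open_links  # close dangling links


# Constructed sample modelled on the escaped output shown in the question.
SAMPLE = 'for "Stubbs" (&lt;a target="_blank" href="http://www.imdb.com/title/tt0498128/"&gt;credited&lt;/a&gt;)'
```

In a Django view or custom template filter, the return value of links_only would be wrapped in django.utils.safestring.mark_safe, so that only filtered output is ever rendered unescaped.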

Try |safe|escape

{% for responsibility in software.responsibilities.all %}
    <li>{{ responsibility.description|safe|escape }}</li>
{% endfor %}

Reference: safe
