I'm using python with pylons
I want to display the saved data from a textarea in a mako file with new lines formatted correctly for display
Is this the best way of doing it?
> ${c.info['about_me'].replace("\n", "<br />") | n}
The problem with your solution is that you bypass the string escaping, which can lead to security issues. Here is my solution:
<%! import markupsafe %>
${markupsafe.escape(text).replace('\n', markupsafe.Markup('<br />'))}
or, if you want to use it more than once :
<%!
import markupsafe

def br(text):
    # escape() returns a Markup object (already-safe input passes through
    # unchanged), so replace() keeps the Markup type and only the inserted
    # <br /> tag is left unescaped; str.replace() on a plain str would not.
    return markupsafe.escape(text).replace('\n', markupsafe.Markup('<br />'))
%>
${text | br }
This solution uses markupsafe, which is used by mako to mark safe strings and know which to escape. We only mark <br/> as being safe, not the rest of the string, so it will be escaped if needed.
It seems to me that is perfectly suitable.
Be aware that replace() returns a copy of the original string and does not modify it in place. So since this replacement is only for display purposes it should work just fine.
Here is a little visual example:
>>> s = """This is my paragraph.
...
... I like paragraphs.
... """
>>> print s.replace('\n', '<br />')
This is my paragraph.<br /><br />I like paragraphs.<br />
>>> print s
This is my paragraph.

I like paragraphs.
The original string remains unchanged. So... Is this the best way of doing it?
Ask yourself: Does it work? Did it get the job done quickly without resorting to horrible hacks? Then yes, it is the best way.
Beware as line breaks in <textarea>s should get submitted as \r\n according to http://www.w3.org/TR/REC-html40/interact/forms.html#h-17.13.4
To be safe, try s.replace('\r\n', '<br />') then s.replace('\n', '<br />').
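As an added example, not taken from any of the answers here, the following Python puts the markupsafe answer and the \r\n caveat side by side: the raw output that the n filter gives, a plain str.replace() followed by escaping (which escapes the inserted <br /> as well, because str.replace() on a plain str returns a plain str even when handed a Markup argument), and escaping first so that Markup.replace() leaves only the inserted <br /> unescaped while folding the \r\n a <textarea> submits. The Markup/escape stand-in in the except branch is an assumption used only when markupsafe is not installed.

```python
import html

try:
    from markupsafe import Markup, escape
except ImportError:
    # Assumed stand-in, used only when markupsafe is not installed: a str
    # subclass that is marked as safe, plus an escape() that honours it.
    class Markup(str):
        def __html__(self):
            return self

        def replace(self, old, new):
            # Like markupsafe: arguments are escaped unless already Markup,
            # and the result is Markup again.
            return Markup(str.replace(self, escape(old), escape(new)))

    def escape(s):
        if hasattr(s, "__html__"):
            return Markup(s.__html__())
        return Markup(html.escape(str(s), quote=True))

BR = Markup("<br />")


def render_raw(text):
    """What the '| n' filter gives: user text verbatim, tags included."""
    return text.replace("\n", "<br />")


def render_naive(text):
    """str.replace() on a plain str returns a plain str, so Mako's default
    h filter escapes everything, the inserted <br /> included."""
    return escape(text.replace("\n", BR))


def render_safe(text):
    """Escape first: replace() then runs on a Markup object and only the
    inserted <br /> stays unescaped. CRLF from a <textarea> is folded too."""
    return escape(text).replace("\r\n", "\n").replace("\n", BR)


# Constructed sample: textarea content with browser line endings and a tag.
SAMPLE = "Hi <b>all</b>\r\n<script>alert(1)</script>\r\nbye"

if __name__ == "__main__":
    for fn in (render_raw, render_naive, render_safe):
        print(fn.__name__, "->", fn(SAMPLE))
```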
This seems dangerous to me because it prints the whole string without escaping, which would allow arbitrary tags to be rendered. Make sure you cleanse the user's input with lxml or similar before printing. Beware that lxml will wrap in an HTML tag; it just can't handle things that aren't like that, so get ready to remove that manually or adjust your CSS to accommodate.
Try this, it will work:
${c.info['about_me'] | n}
There is also a simple helper function that can be called which will format and sanitize text correctly, replacing \n with <br /> tags (see http://sluggo.scrapping.cc/python/WebHelpers/modules/html/converters.html).
In helpers.py add the following:
from webhelpers.html.converters import textilize
Then in your mako file simply say
h.textilize(c.info['about_me'], sanitize=True)
The sanitize=True just means that it will make sure any other nasty codes are escaped so users can't hack your site, as the default is False. Alternatively I make a simple wrapper function in helpers so that sanitize always defaults to True, i.e.
from webhelpers.html.converters import textilize as unsafe_textilize

def textilize(value, sanitize=True):
    # same as webhelpers' textilize, but sanitizing by default
    return unsafe_textilize(value, sanitize=sanitize)
This way you can just call h.textilize( c.info['about_me'] ) from your mako file, which if you work with lots of designers stops them from going crazy.