2👍
✅
There is no built-in way to safely escape HTML. From the docs:

> Deprecated since version 1.8: removetags cannot guarantee HTML safe output and has been deprecated due to security concerns. Consider using bleach instead.

Bleach is an HTML sanitizing library from Mozilla. It may make the most sense to create a method on your snippet class that returns a bleached string, removing all tags.

In addition, you can use the built-in template tags truncatewords, truncatechars, etc. to limit how many characters/words are shown upon template rendering.
0👍
As suggested in a comment by @Ian Price, if you can trust the content you’re working on, a regex works fine. For example:
```python
import re
...
def __str__(self):
    # Non-greedy match of everything between a '<' and the next '>' on the same line
    remove_tags = re.compile(r'<.*?>')
    return re.sub(remove_tags, '', self.body)
```
👤Tom
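An added comparison, not part of either answer or of Django's code: the regex from the second answer next to a tokenizer-based stripper built on the standard library's `html.parser` (used here instead of bleach so it runs without third-party packages). The function names and the sample strings are constructed for illustration.

```python
import re
from html.parser import HTMLParser

TAG_RE = re.compile(r"<.*?>")  # same pattern as the regex answer


def regex_strip(text):
    """Tag removal as in the regex answer; '.' does not cross newlines."""
    return TAG_RE.sub("", text)


class _TextExtractor(HTMLParser):
    """Keep text nodes; drop tags, comments and <script>/<style> bodies."""
    SKIP = {"script", "style"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []
        self._skip_depth = 0

    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self._skip_depth += 1

    def handle_endtag(self, tag):
        if tag in self.SKIP and self._skip_depth:
            self._skip_depth -= 1

    def handle_data(self, data):
        if not self._skip_depth:
            self.parts.append(data)


def parser_strip(text):
    """Return the plain text of an HTML fragment using a real tokenizer."""
    # The result is text, not markup: it must still be HTML-escaped when
    # rendered (Django templates auto-escape variables by default).
    parser = _TextExtractor()
    parser.feed(text)
    parser.close()
    return "".join(parser.parts)


# Constructed sample inputs (not from the original page).
MULTILINE_TAG = '<b\nclass="x">bold</b> text'   # tag split across lines
PLAIN_COMPARISON = "if a < b and c > d"          # no markup at all
WITH_SCRIPT = "<p>Hello <b>world</b></p><script>var x = 1;</script>"

if __name__ == "__main__":
    for sample in (MULTILINE_TAG, PLAIN_COMPARISON, WITH_SCRIPT):
        print(repr(regex_strip(sample)), "|", repr(parser_strip(sample)))
```

The regex leaves the multi-line tag in place, deletes legitimate text between `<` and `>` in the comparison, and keeps the script body as visible text; the tokenizer handles all three.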
Source:stackexchange.com