0

So I'm passing a JSON object to a jinja2 template. The object is named 'markers' and it contains this data:

{'markers': [{'marker_id': 1, 'lat': '-33.8653882', 'lng': '151.216084'}, 
{'marker_id': 2, 'lat': '49.15987639', 'lng': '5.38442310'}]}

When I print the object in a p tag it appears fine, as so:

<p>{{markers}}</p>

displays:

{'markers': [{'marker_id': 1, 'lat': '-33.8653882', 'lng': '151.216084'}, 
{'marker_id': 2, 'lat': '49.15987639', 'lng': '5.38442310'}]}

but when i try and pass {{markers}} into my javascript at the bottom of the page it appears like this

<script>
var json = {&#39;markers&#39;: [{&#39;marker_id&#39;: 1, &#39;lat&#39;: &#39;-33.8653882&#39;, &#39;lng&#39;: &#39;151.216084&#39;}, {&#39;marker_id&#39;: 2, &#39;lat&#39;: &#39;49.15987639&#39;, &#39;lng&#39;: &#39;5.38442310&#39;}]};
</script>

i dont know what to search for and i want to know why this is happening and how to stop it.

The object is generated by a function in my python script

def get_marker(conn):
  JSONobj = { "markers" : [] } 
  cur = conn.cursor(MySQLdb.cursors.DictCursor)
  cur.execute("SELECT * FROM marker")
  data = cur.fetchall()
  for row in data:
      JSONobj["markers"].append(row)

  return JSONobj
bailey.bailey
  • 157
  • 9
  • 2
    I have tested your code in plain jinja2 template and it worked. So I think you are using flask which enables autoescape by default. You can check document: http://flask.pocoo.org/docs/0.12/templating/#standard-filters – Sraw Jan 05 '18 at 02:46

1 Answers1

0

There are two approaches you can try here:

  1. See this answer where you can use jQuery to escape / unescape the HTML entities like so:

    var s = "&#39;markers&#39;" var foo= $('<textarea />').html(s).text(); foo "'markers'"

  2. Alternatively, you can selectively unescape HTML in flask like so:

{% autoescape false %}

<p>{{markers}}</p>

{% endautoescape %}

JacobIRR
  • 8,545
  • 8
  • 39
  • 68