-1

I'm learning the Flask web framework and ran into this problem. I get some text from the user in Markdown, then convert it into HTML and store it in the database.

title = request.form.get('title')
content = request.form.get('content')
html = markdown(content)
newPost = Article(title, html)
db.session.add(newPost)
db.session.commit()

When I extract the title and content from the database and insert them into the HTML directly, it doesn't seem to work.

#view.py
articles = Article.query.all()
print(articles[0].body) # <h3>Test</h3>

<div class="container mb-5">
    <span class="row">
        <h4>{{ articles[0].title }}</h4>
    </span>
    <span class="row mt-3 mb-3">
        <span class="mr-2"><time>{{ articles[0].pub_date.strftime('%B %d %Y') }}</time></span>
    </span>
    <div class="row">
        {{ articles[0].body }}
    </div>
</div>

When I copy that element from the Chrome developer tools, the body string is actually:

<div class="row">
    &lt;h3&gt;Test&lt;/h3&gt;
</div>

Is this something related to encoding? And what should I do next?

Thanks!

Koen

1 Answer

0

For security reasons, Flask/Jinja2 changes some characters in HTML, but you can use `| safe` to inform Flask/Jinja2 that this text is safe and that it doesn't have to change it:

{{ articles[0].body | safe }}

Doc: Jinja2: Working with Automatic Escaping

furas