I would like to take text from a flask form and execute it in an HTML script.
Here is a minimal example of what I mean:
// PYTHON
import os
import secrets

from flask import Flask, render_template, redirect, url_for
from flask_wtf import FlaskForm
from wtforms import TextAreaField, SubmitField
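app = Flask(__name__)
# SECRET_KEY signs the session cookie and the Flask-WTF CSRF token, so a value
# committed to source lets anyone who has read the code forge both. Read it
# from the environment instead. With no SECRET_KEY set, fall back to a random
# per-process key: sessions and pending forms stop validating after a restart,
# which is acceptable for a local demo but not for a multi-worker deployment.
app.config['SECRET_KEY'] = os.environ.get("SECRET_KEY") or secrets.token_hex(32)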
class Form(FlaskForm):
    """Single-textarea form used by /make_code to collect the text to display."""

    # No validators are attached, so any text (including markup) is accepted
    # as-is; nothing here limits its length or content.
    html = TextAreaField(label="HTML to be excecuted: ")
    submit = SubmitField(label="Submit code")
# Last submitted text. This is one module-level value for the whole process, so
# every visitor overwrites and reads the same string: whatever one client posts
# to /make_code is what all clients get back from /see_code.
code = ""
@app.route("/make_code", methods=["GET", "POST"])
def make_code():
    """Show the submission form and, on a valid POST, store the submitted text.

    validate_on_submit() is true only for a submitted form that passes
    validation, which for a FlaskForm includes the CSRF token check. The
    textarea itself has no validators, so the text is stored unmodified in the
    module-level ``code`` and the client is redirected to /see_code.
    """
    global code
    submission = Form()
    if not submission.validate_on_submit():
        # GET, or a POST that failed validation: show the form (again).
        return render_template("make_code.html", form=submission)
    code = submission.html.data
    return redirect(url_for("see_code"))
@app.route("/see_code")
def see_code():
    """Render the most recently submitted text through see_code.html.

    The template outputs the value with ``{{ code }}``, and Flask turns Jinja2
    autoescaping on for ``.html`` templates, so markup characters in the
    submission are emitted as entities (``<`` becomes ``&lt;``). That is the
    cross-site-scripting defence, not a bug: ``code`` is whatever any client
    last posted, and marking it safe would make that client's markup and
    scripts run in every other visitor's browser. If formatted output is
    required, pass the text through an allowlist HTML sanitizer before it is
    ever marked safe.
    """
    context = {"code": code}
    return render_template("see_code.html", **context)
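if __name__ == '__main__':
    # debug=True enables the Werkzeug interactive debugger, which serves full
    # tracebacks and an in-browser Python console (PIN-protected) to whoever
    # can reach the port. Keep it off unless FLASK_DEBUG is explicitly set, and
    # never enable it on an address other users can reach.
    debug_enabled = os.environ.get("FLASK_DEBUG", "").lower() in {"1", "true", "yes"}
    app.run(debug=debug_enabled)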
// make_code.html
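<form method="POST">
  {# hidden_tag() already emits every hidden field, including the CSRF token,
     so rendering form.csrf_token as well only duplicated that input. #}
  {{ form.hidden_tag() }}
  {{ form.html.label }}
  {{ form.html() }}
  {{ form.submit() }}
</form>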
// see_code.html
{# Autoescaped output: the value is untrusted form input, so markup in it is
   shown as text rather than interpreted by the browser. Sanitize against an
   allowlist before ever marking it safe. -#}
{{ code }}
However, when I submit <strong>Hello</strong>, Flask changes it to &lt;strong&gt;Hello&lt;/strong&gt;
Is there any way to stop this?