django-softhyphen
HTML escape problems when using as template filter
I’ve tried django-softhyphen as a template filter with Django 1.9.1, Python 3.4.
When I leave autoescape on (the default), I get all the `&shy;` escaped, so they are being displayed as `&shy;` on the web page. So I have to turn off autoescape for the fields where I want hyphenation, which might be a security problem, and causes problems when there are & or < in the text fields, which are then interpreted as HTML syntax. I had a company name with & and no space afterwards, which displayed as a funny special character. Putting a space after the & avoids this, but it’s still wrong HTML.
Yeah, the templatetag needs to be wrapped in mark_safe:
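```python
from django import template
from django.utils.safestring import mark_safe
from softhyphen.html import hyphenate

register = template.Library()

@register.filter
def softhyphen(value, language=None):
    """
    Hyphenates html.
    """
    # mark_safe() exempts the result from autoescaping, so `value` must already be safe HTML.
    return mark_safe(hyphenate(value, language=language))
```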
(Think about it, if that would actually be insecure...)
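To make the escaping question in this thread concrete, here is an added example (not code from django-softhyphen or from either poster) comparing three orderings of hyphenation and escaping. It uses only the standard library: `chunks` is a hypothetical toy stand-in for the real hyphenator, `html.escape` stands in for Django's autoescaping, and the sample input is constructed.

```python
import html
import re

SHY = "&shy;"                      # soft-hyphen entity inserted at break points
WORD = re.compile(r"([A-Za-z]+)")  # split() keeps the captured words

# Constructed input: a company name with a bare "&" plus stray markup.
SAMPLE = "Smith&Sons <b>Holdings</b>"


def chunks(word, size=4, min_len=7):
    """Toy stand-in for real hyphenation: cut long words every `size` chars."""
    if len(word) < min_len:
        return [word]
    return [word[i:i + size] for i in range(0, len(word), size)]


def unsafe_filter(value):
    """Hyphenate raw input and trust the result (the mark_safe pattern)."""
    return "".join(SHY.join(chunks(p)) if WORD.fullmatch(p) else p
                   for p in WORD.split(value))


def autoescaped(value):
    """What autoescape does to the same output when it is not marked safe."""
    return html.escape(unsafe_filter(value))


def safe_filter(value):
    """Escape every text fragment, then join word chunks with the entity.

    Only this output is suitable for mark_safe() in a Django filter.
    """
    return "".join(SHY.join(html.escape(c) for c in chunks(p))
                   if WORD.fullmatch(p) else html.escape(p)
                   for p in WORD.split(value))


if __name__ == "__main__":
    for fn in (unsafe_filter, autoescaped, safe_filter):
        print(f"{fn.__name__:14} {fn(SAMPLE)}")
```

The first line of output still contains the raw `<b>` and bare `&`, the second shows the `&amp;shy;` that renders as literal text, and only the third keeps working soft hyphens with the user text fully escaped.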