I am using bottle and peewee as the framework on the back end and sqlite3 as the DB. Summernote is the text editor on the front end. I succeeded in saving the code into the DB, but failed to display the text when retrieving it from the DB.
DB data: The Draft column is the html
Source code:
Front:
$('#summernote').summernote("code", "{{content}}");
Backend:
template('apps_post_editer', appName='Post New', pid=newPost.id, title=('' if newPost.title is None else str(newPost.title)), content=('' if newPost.draft is None else unicode(str(newPost.draft), "utf-8")))
I thought it was a coding problem at the beginning, so I used unicode to turn the value into utf-8, but it does not work. Using only str(newPost.draft) also failed.
The result: You can see that the html code is not converted
Question: Why does it happen like that? Is there any solution?
Thanks very much.
Update: Sorry, it is my first question; I don't know why the picture doesn't display... Please click the link to get more details... OK... need 10 reputation.
When you want to render HTML that comes from the database with bottle, you have to tell the rendering engine that the content is safe to render in order to avoid XSS attacks.
With bottle you can disable escaping for expressions like this:
{{! summernotecontent}}
in your case that would be:
$('#summernote').summernote("code", "{{! content}}");
You can find the documentation on this topic in bottle here
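An added example, not part of the original answer: because `{{! content}}` switches off bottle's escaping, the stored draft has to be made safe before it reaches the template. This Python 3 code filters the HTML through an allowlist and then encodes it as a JavaScript string literal; the tag allowlist, the sample draft and the names `sanitize_html`, `js_literal` and `content_js` are assumptions.

```python
import json
from html import escape
from html.parser import HTMLParser

# Assumed allowlist of formatting tags the editor is expected to produce.
ALLOWED = {"p", "br", "b", "i", "u", "strong", "em", "ul", "ol", "li", "blockquote", "a"}
DROP_CONTENT = {"script", "style"}  # the text inside these elements is discarded too

class AllowlistFilter(HTMLParser):
    """Re-emits only allowlisted tags, drops all attributes except a checked href."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        elif tag in ALLOWED and not self.skip:
            attr = ""
            href = dict(attrs).get("href") or ""
            if tag == "a" and href.lower().startswith(("http://", "https://")):
                attr = ' href="%s" rel="noopener noreferrer"' % escape(href, quote=True)
            self.out.append("<%s%s>" % (tag, attr))

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag in ALLOWED and tag != "br" and not self.skip:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # text is always re-escaped

def sanitize_html(stored):
    f = AllowlistFilter()
    f.feed(stored)
    f.close()
    return "".join(f.out)

def js_literal(value):
    # json.dumps adds the quotes and escapes " and \; escaping <, > and & as well keeps
    # a "</script>" in the data from ending an inline script block. Hypothetical template
    # use, with no quotes around the expression:
    #   $('#summernote').summernote("code", {{! content_js}});
    s = json.dumps(value)
    return s.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")

# Constructed sample draft, not data from the original post.
SAMPLE = '<p onclick="x()">Hi <b>there</b></p><script>alert(1)</script><a href="javascript:z">k</a>'
if __name__ == "__main__":
    print(js_literal(sanitize_html(SAMPLE)))
```

The filter is a minimal standard-library version of the idea; a maintained sanitizer library can take the place of `sanitize_html` without changing how `js_literal` is used.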