pythonflasksummernote
Python display plain text as html
I gotta do a notes app so I decided to use summernote and python flask for this.
I got a form where the user has to input the title and the content using a summernote textarea then the input is stored in the DB.
The problem that I got is when I try to display the notes they come as plain text
this is how I display them
{% for foo in notes %}
<div class="card">
<div class="card-header">
<div class="card-title">{{ foo.title }}</div>
</div>
<div class="card-body">
<div class="ribbon-wrapper ribbon-lg">
<div class="ribbon bg-primary">
<p>{{ foo.category_name }}</p>
</div>
</div>
{{ foo.content }}
</div>
<div class="card-footer">
<a href="#" class="btn btn-info btn-xs"><i class="fas fa-eye"></i></a>
<a href="#" class="btn btn-danger btn-xs"><i class="fas fa-trash"></i></a>
</div>
</div>
{% endfor %}
Is there any way that I could actually render the HTML content instead of displaying it as plain text?
Solution
Use Jinja's safe or escape filters
https://jinja.palletsprojects.com/en/2.10.x/templates/?highlight=safe#safe
https://jinja.palletsprojects.com/en/2.10.x/templates/?highlight=safe#escape
{{ foo.content | safe }}
{{ foo.content | escape }}
Always be mindful of trusting user input: https://flask.palletsprojects.com/en/1.1.x/security/