将 \n 转换为
在 mako 文件中
我正在使用 python 和 pylons
我想显示 mako 文件中文本区域中保存的数据,并使用正确格式化的新行进行显示
这是最好的方法吗?
> ${c.info['about_me'].replace("\n", "<br />") | n}
I'm using python with pylons
I want to display the saved data from a textarea in a mako file with new lines formatted correctly for display
Is this the best way of doing it?
> ${c.info['about_me'].replace("\n", "<br />") | n}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
您的解决方案的问题在于您绕过了字符串转义,这可能会导致安全问题。这是我的解决方案:
或者,如果您想多次使用它:
此解决方案使用
markupsafe
,mako
使用它来标记安全字符串并知道要转义哪些字符串。我们仅将
标记为安全,而不是字符串的其余部分,因此如果需要,它将被转义。The problem with your solution is that you bypass the string escaping, which can lead to security issues. Here is my solution :
or, if you want to use it more than once :
This solution uses
markupsafe
, which is used bymako
to mark safe strings and know which to escape. We only mark<br/>
as being safe, not the rest of the string, so it will be escaped if needed.在我看来,这是完全合适的。
请注意,
replace()
返回原始字符串的副本,并且不会就地修改它。因此,由于此替换仅用于显示目的,因此应该可以正常工作。这是一个视觉示例:
原始字符串保持不变。那么...这是最好的方法吗?
问问自己:这有效吗?它是否能够快速完成工作而不诉诸可怕的黑客手段?那么是的,这是最好的方法。
It seems to me that is perfectly suitable.
Be aware that
replace()
returns a copy of the original string and does not modify it in place. So since this replacement is only for display purposes it should work just fine.Here is a little visual example:
The original string remains unchanged. So... Is this the best way of doing it?
Ask yourself: Does it work? Did it get the job done quickly without resorting to horrible hacks? Then yes, it is the best way.
请注意,
为了安全起见,请尝试
s.replace('\r\n', '
然后')
s.replace('\n', '
。')
Beware as line breaks in
<textarea>
s should get submitted as\r\n
according to http://www.w3.org/TR/REC-html40/interact/forms.html#h-17.13.4To be safe, try
s.replace('\r\n', '<br />')
thens.replace('\n', '<br />')
.这对我来说似乎很危险,因为它会打印整个字符串而不转义,这将允许呈现任意标签。确保在打印之前使用 lxml 或类似工具清理用户的输入。请注意,lxml 将包装在 HTML 标记中,它只是无法处理不是这样的内容,因此请准备好手动删除它或调整 CSS 以适应。
This seems dangerous to me because it prints the whole string without escaping, which would allow arbitrary tags to be rendered. Make sure you cleanse the user's input with lxml or similar before printing. Beware that lxml will wrap in an HTML tag, it just can't handle things that aren't like that, so get ready to remove that manually or adjust your CSS to accommodate.
试试这个,它会起作用:-
try this it will work:-
还有一个可以调用的简单帮助函数,它将正确格式化和清理文本,替换
标签的 \n (请参阅 http://sluggo.scrapping.cc/python/WebHelpers/modules/html/converters.html)。
在 helpers.py 中添加以下内容:
然后在您的 mako 文件中简单地说
santize=True 只是意味着它将确保转义任何其他令人讨厌的代码,以便用户无法破解您的网站,因为默认值为 False。或者,我在助手中做一个简单的包装函数,以便 santize=True 始终默认为 True ie
这样你就可以从你的 mako 文件中调用 h.textilize( c.info['about_me'] ) ,如果你使用很多设计师阻止他们发疯。
There is also a simply help function that can be called which will format and santize text correctly replacing \n for
tags (see http://sluggo.scrapping.cc/python/WebHelpers/modules/html/converters.html).
In helpers.py add the following:
Then in your mako file simply say
The santize=True just means that it will make sure any other nasty codes are escaped so users can't hack your site, as the default is False. Alternatively I make do a simple wrapper function in helpers so that santize=True is always defaults to True i.e.
This way you can just call h.textilize( c.info['about_me'] ) from your mako file, which if you work with lots of designers stops them from going crazy.