阻止 django 取出 javascript/frames?
非常新手的问题,但请温柔地对待我。我们的网站使用 Django CMS,我们正在尝试将一些 javascript 插入到特定的故事中,但似乎 Django 会在我们保存故事后立即删除我们放入其中的所有 javascript 或 iframe。我们如何允许在故事中使用 javascript?是故意排除的,还是我们需要将这个功能编码到网站中?
任何帮助将非常感激。
Very newbie question, but please be gentle with me. Our site uses Django CMS and we're trying to insert some javascript into particular stories, but it appears Django is stripping out any javascript or iframes we put in there as soon as we save the story. How do we allow javascript to be used in stories? Is it being deliberately excluded, or do we need to code this function into the site?
Any help would be incredibly appreciated.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
当模板呈现内容时,Django 可能会自动转义 javascript / html 的内容。这样做是出于安全目的。
解决方案取决于您运行的 django 版本、您是否要渲染来自不受信任来源的任何内容、模板的组合方式以及为模板准备内容的视图。
Django is probably automatically escaping the content the javascript / html as the template renders the content. It does this for security purposes.
The solution depends on which version of django you're running, whether you'll be rendering any content from untrusted sources, how the templates are put together and perhaps the view that prepares the content for the template.
Django 不会删除 javascript,因为它与客户端无关。
您如何将 javascript 插入您的网站?如果您尝试将其放入数据库(例如),它将转义。
Django doesn't strip out javascript, because it is client side agnostic.
How are you inserting javascript into your website? If you are trying to put it into database (like ) it will escaped.
通读有关自动 HTML 转义的文档:
http://docs.djangoproject。 com/en/1.1/topics/templates/#id2
Read through the docs on automatic HTML escaping:
http://docs.djangoproject.com/en/1.1/topics/templates/#id2