15.6 Security Implications of FlatPages
Before we go, reexamine our flatpages template in templates/flatpages/default.html, shown in Example 15.25.

templates/flatpages/default.html in 4b8bef1bdb

<div>
  <h1> {{ flatpage.title }}</h1>
  {{ flatpage.content }}
</div>
In most cases, we’re going to want to store HTML in the content field of FlatPage objects. As mentioned in Chapter 4: Rapidly Producing Flexible HTML with Django Templates, all of the string variables output in Django templates are escaped. Anything that is a special character in HTML (such as <) will become an HTML entity, as shown in Example 15.26.
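As an added illustration (not code from the book or from Django itself), the sketch below models autoescaping by applying Python's standard html.escape to every {{ variable }} in the flatpages template, so you can see what happens to HTML stored in the content field. The render and resolve helpers and the sample page are constructed for this example, and the exact entity Django emits for quote characters can differ between versions.

```python
import html
import re
from types import SimpleNamespace

# The flatpages template discussed above.
TEMPLATE = """<div>
  <h1>{{ flatpage.title }}</h1>
  {{ flatpage.content }}
</div>"""

# Matches {{ name }} and {{ name.attr }} variable tags.
VAR = re.compile(r"\{\{\s*([\w.]+)\s*\}\}")


def resolve(path, context):
    """Follow a dotted name such as flatpage.content through the context."""
    first, *rest = path.split(".")
    obj = context[first]
    for attr in rest:
        obj = getattr(obj, attr)
    return obj


def render(template, context):
    """Substitute each variable, escaping its value as autoescaping would.

    Markup written in the template itself is left alone; only the values
    pulled from the context are escaped.
    """
    def substitute(match):
        return html.escape(str(resolve(match.group(1), context)))

    return VAR.sub(substitute, template)


# Constructed sample: an editor has stored markup in the content field.
page = SimpleNamespace(
    title="About <us>",
    content='<p>Hello & welcome</p><script>alert("x")</script>',
)

if __name__ == "__main__":
    # The <div> and <h1> from the template survive; the stored <p> and
    # <script> come out as entities and display as literal text.
    print(render(TEMPLATE, {"flatpage": page}))
```

The stored markup reaches the browser as visible text rather than as elements, which is why escaped output is the safe default for fields that staff or users can edit.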