15.6 Security Implications of FlatPages

Before we go, let's reexamine our flatpages template in templates/flatpages/default.html, shown in Example 15.25.

Example 15.25: Project Code

templates/flatpages/default.html in 4b8bef1bdb

    <div>
      <h1>{{ flatpage.title }}</h1>
      {{ flatpage.content }}
    </div>

In most cases, we’re going to want to store HTML in the content field of FlatPage objects. As mentioned in Chapter 4: Rapidly Producing Flexible HTML with Django Templates, all of the string variables output in Django templates are escaped. Anything that is a special character in HTML (such as <) will become an HTML entity, as shown in Example 15.26.

Example 15.26: Python Interpreter ...
