i'm developing Flask App.
I want to transfer simple json from the app.py to the html page.
This is the relevant code at app.py:
jsonArr = [{"type": "circle", "label": "New York"},
{"type": "circle", "label": "New York"}]
return render_template('demo.html', foo=42, imgs=jsonArr)
This is how I receive it it javascript script inside the html:
console.log("HI")
var foo = {{ foo }}
console.log(foo)
var images = {{ imgs }}
console.log(images)
foo is received correctly (I see the printing on the console when I remove the lines for receiving imgs)
But imgs makes error: Uncaught SyntaxError: Unexpected token &
This is what I see in the chrome browser sources:
var images = [['circle', 'New York'], ['triangle', 'Amsterdam']]
This is the html declerations:
I've tried adding/removing but it didn't work.
What am I missing? Thanks
解决方案
In order to avoid cross-site-scripting attacks, flask automatically escapes HTML sequences. If you want to avoid this, you can directly tell Flask you know what you're doing:
from flask import Markup
value = Markup('The HTML String')
However!! This is risky from a security perspective. If you have any user data that can end up in the JSON, you need to consider another approach.
You would need to sanitize the JSON so a user doesn't come along with a string of
扫一扫
396
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
