[Zope] How to convert characters that have special meaning in HTML to HTML character entities

Martijn Pieters mj at zopatista.com
Thu Apr 6 08:24:26 EDT 2006


On 4/6/06, Jonathan Bowlas <jb012b8598 at blueyonder.co.uk> wrote:
> I have a string that contains a <a
> href="http://www.mywebaddress.com">link</a> tag that I would like rendered
> as HTML when output but it only seems to render in the html page like this
> &lt;a href="http://www.mywebaddress.com"&gt;link&lt;/a&gt;
>
> To replace the characters, I tried this in my TAL:
>
> <tal:block tal:define="d_stand row/STANDFIRST | nothing;
> d_stand_replaced_chars python: (str(d_stand)).replace('&gt;','>');">
>
> <p tal:condition="d_stand_replaced_chars"
> tal:content="d_stand_replaced_chars" />
> </tal:block>
>
> But it converted the '&gt;' I replaced with a '>' back to a '&gt;' upon
> rendering the string in a html page.

TAL escapes characters that have special meaning in HTML or XML by
default, to avoid XSS attacks. You can force TAL to not do this with
the 'structure' keyword, like so:

  <span tal:replace="structure
string:&lt;blink&gt;Blinking&lt;/blink&gt;">Not blinking</span>

--
Martijn Pieters


More information about the Zope mailing list