I have a Django site with a Post object like so:
class Post(models.Model):
title = models.CharField(max_length=100,blank=True,null=True)
body = models.TextField(blank=True,null=True)
author = models.ForeignKey(User,blank=True,null=True)
date_created = models.DateTimeField(default=timezone.now)
date_updated = models.DateTimeField(auto_now_add=True)
image = models.ImageField(upload_to=post_dir, blank=True, null=True)
def __unicode__(self):
return unicode(self.date_created.strftime('%Y-%m-%d %H:%M') + ' ' + self.title)
which outputs body TextField
like so in order to support HTML:
{% if post.body %}
<p>
{{ post.body | safe }}
</p>
{% endif %}
My question is, since the admins can input HTML which could potentially malform the html (such as post.body = '</div></div>'
), what is the best way to format and sanitize this textfield while still allowing users to input html?
我使用django-ckeditor
获得了一些其他功能所需的功能
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.