Customizable auto-escaping for jinja2.
Project description
When Jinja2 templates are used to output non-HTML content, autoescaping cannot be used because it is hardcoded to work with an HTML escape function and MarkupSafe's Markup objects.
jinja_vanish enables custom auto-escaping by overriding the escape function inside the generated template code, using an extended code generator, and by replacing the built-in filters |e and |escape. Usage is fairly simple. Here is an example that uses psycopg2's mogrify() function to escape SQL for Postgres:
    from datetime import datetime

    from jinja_vanish import DynAutoEscapeEnvironment, markup_escape_func
    from psycopg2.extensions import adapt


    @markup_escape_func
    def sql_escape(v):
        # the decorator handles wrapping/unwrapping in Markup(), but is
        # otherwise not necessary
        return adapt(v)


    env = DynAutoEscapeEnvironment(autoescape=True, escape_func=sql_escape)
    tpl = env.from_string('SELECT * FROM foo where post_date <= {{now}}')
    print(tpl.render(now=datetime.now()))
Running it outputs:
    SELECT * FROM foo where post_date <= '2016-01-24T23:23:22.727789'::timestamp
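The following is an added example, not code from jinja_vanish or its author. It uses only the standard library to show the contract a custom escape function has to meet, and it goes beyond the SQL case above by targeting shell command lines with shlex.quote. `Safe`, `markup_style` and `render` are hypothetical stand-ins for Markup, a wrap/unwrap decorator and a template engine.

```python
import html
import re
import shlex


class Safe(str):
    """Stand-in for MarkupSafe's Markup: text that is already escaped."""


def markup_style(escape):
    """Hypothetical wrap/unwrap helper: pass Safe values through untouched
    and mark escaped output as Safe so it is never escaped twice."""
    def wrapper(value):
        if isinstance(value, Safe):
            return value
        return Safe(escape(str(value)))
    return wrapper


_PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")


def render(template, escape_func, **context):
    """Toy renderer: every {{name}} goes through escape_func (autoescape)."""
    return _PLACEHOLDER.sub(
        lambda m: escape_func(context[m.group(1)]), template)


shell_escape = markup_style(shlex.quote)   # escaper for the real output context
html_escape = markup_style(html.escape)    # what HTML-only autoescape applies

TEMPLATE = "grep -c {{pattern}} {{path}}"
# Constructed sample values containing a space and shell metacharacters.
SAMPLE = {"pattern": "a b", "path": "log; echo $HOME"}


def demo():
    """Return the template rendered with the HTML and the shell escaper."""
    return (render(TEMPLATE, html_escape, **SAMPLE),
            render(TEMPLATE, shell_escape, **SAMPLE))


if __name__ == "__main__":
    as_html, as_shell = demo()
    print("HTML escaper :", as_html)
    print("shell escaper:", as_shell)
```

The HTML escaper leaves the space, `;` and `$` untouched, so the rendered line no longer parses into the four intended arguments, while the shell escaper keeps each value as a single argument.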
Source Distribution
jinja-vanish-0.1.tar.gz (2.5 kB)
File details
Details for the file jinja-vanish-0.1.tar.gz.
File metadata
- Download URL: jinja-vanish-0.1.tar.gz
- Size: 2.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest
---|---
SHA256 | 3a28347909a9114e9b64602422e82ca70d95095bf171c447871f0aabd2a119f2
MD5 | 7897bb38f16b1f48692ca5f3f24da1df
BLAKE2b-256 | 074924f904774457a8d6a78b1061da23836066236b8ed10cf71cc0efa7823e0a