Home/ Questions/Q 7046101
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T02:36:37+00:00

In the docs it says: The only exceptions are variables that are already marked

  • 0

In the docs it says:

The only exceptions are variables that are already marked as “safe” from escaping, either by the code that populated the variable, or because it has had the safe or escape filters applied.”

How does the “populated the variable” part work ? I’m actually looking for a way to declare a template tag as safe in the view. I somehow think it’s not a good idea to let a designer decide. My co-worker will just add it whenever she ‘thinks’ it’s a good idea.

https://docs.djangoproject.com/en/dev/ref/templates/builtins/?from=olddocs

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Django has a subclass of strings called safe strings (specifically SafeUnicode or SafeString), which can be created using django.utils.safestring.mark_safe. When the template engine comes across a safe string it doesn’t perform HTML escaping on it:

    >>> from django.utils.safestring import mark_safe
>>> from django.template import Template, Context
>>> Template("{{ name }}").render(Context({'name': mark_safe('<b>Brad</b>')}))
u"<b>Brad</b>"

    If you’re writing your own template tag, you need to implement render() which will return a string that will be treated as safe, meaning you have to handle any escaping necessary yourself. However if you’re writing a template filter, you can set the attribute is_safe = True on the filter to avoid auto escaping of the returned value, e.g.

    @register.filter
def myfilter(value):
    return value
myfilter.is_safe = True

    See https://docs.djangoproject.com/en/4.0/howto/custom-template-tags/#filters-and-auto-escaping for more details.

    • 0