javascript - 使用 Jquery 的 Flask 模板中的编码问题

Question

我有两个模板，第一个模板只是从数据库中提取数据并将其显示在页面上，第二个模板将相同的数据传递给提供布局和其他内容的 jquery“制表器”。 问题是显然相同的 {{ place.name }} 被打印为 Chips & Beers在第一个和 Chips & Beers关于第二个。

这是第一个模板

<html>
<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">

    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css" integrity="sha512-dTfge/zgoMYpP7QbHy4gWMEGsbsdZeCXz7irItjcC3sPUFtf0kuFbDz/ixG7ArTxmDjLXDmezHubeNikyKGVyQ==" crossorigin="anonymous">
    <title>Milano - Publist</title>
</head>

<body>

    <div class="container">
        <table>
            <tr>
                <th>NOME</th>
            </tr>
            {% for place in places %}
                <div class="row">
                    <tr>
                        <td>{{ place.name }}</td>

                    </tr>
                </div>
            {% endfor %}
        </table>
</body>

这个是带有 jquery 和 tabulator 的模板。

<html>
<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css" integrity="sha512-dTfge/zgoMYpP7QbHy4gWMEGsbsdZeCXz7irItjcC3sPUFtf0kuFbDz/ixG7ArTxmDjLXDmezHubeNikyKGVyQ==" crossorigin="anonymous">
    <link href="static/tabulator.min.css" rel="stylesheet">
    <title>Milano - Publist</title>
</head>

<body>

    <div class="container">
        <script type="text/javascript" src="static/jquery.js"></script>
        <script type="text/javascript" src="static/jquery-ui.min.js"></script>

        <script type="text/javascript" src="static/tabulator.min.js"></script>
        <div id="example-table"></div>
        <script type="text/javascript">

        var tabledata = [];
        {% for place in places %}
            var line = {}
            line.name = "{{ place.name }}"
            tabledata.push(line)
        {% endfor %}
            //load sample data into the table

            $("#example-table").tabulator({
            height:"100%", // set height of table (in CSS or here), this enables the Virtual DOM and improves render speed dramatically (can be any valid css height value)
            layout:"fitColumns", //fit columns to width of table (optional)
            columns:[ //Define Table Columns
                {title:"Nome", field:"name", width:150}
            ],
        });

         $("#example-table").tabulator("setData", tabledata);
        </script>

    </div><!-- /.container -->
</body>

我无法找出编码实际发生的位置。

Answer 1

根据文档:Formatting Data

Note: To guard against code injection, any formatters that are meant to display text (plaintext, textarea, money, email, link) have the data sanitized first to escape any potentially harmful HTML or JavaScript from making into the table, this causes any such data to be displayed as its plain text alternative. If you want the HTML to be displayed correctly use the html formatter, but be aware if your data can be user edited this could allow for malicious script injection.

您看到的是一个简单的 HTML 编码，它的存在是为了您的应用程序的安全。您可以尝试使用 formatter:"html" 或自行准备自定义过滤器。