I wrote this little function for writing out HTML tags:
def html_tag(tag, content=None, close=True, attrs={}):
lst = ['<',tag]
for key, val in attrs.iteritems():
lst.append(' %s="%s"' % (key, escape_html(val)))
if close:
if content is None: lst.append(' />')
else: lst.extend(['>', content, '</', tag, '>'])
else:
lst.append('>')
return mark_safe(''.join(lst))
Which worked great, but then I read this article on efficient string concatenation (I know it doesn't really matter for this, but I wanted consistency) and decided to update my script:
def html_tag(tag, body=None, close=True, attrs={}):
s = StringIO()
s.write('<%s'%tag)
for key, val in attrs.iteritems():
s.write(' %s="%s"' % (key, escape_html(val)))
if close:
if body is None: s.write(' />')
else: s.write('>%s</%s>' % (body, tag))
else:
s.write('>')
return mark_safe(s.getvalue())
But now my HTML get escaped when I try to render it from my template. Everything else is exactly the same. It works properly if I replace the last line with return mark_safe(unicode(s.getvalue()))
. I checked the return type of s.getvalue()
. It should be a str
, just like the first function, so why is this failing??
Also fails with SafeString(s.getvalue())
but succeeds with SafeUnicode(s.getvalue())
.
I'd also like to point out that I used return mark_safe(s.getvalue())
in a different function with no odd behavior.
The "call stack" looks like this:
class Input(Widget):
def render(self):
return html_tag('input', attrs={'type':self.itype, 'id':self.id,
'name':self.name, 'value':self.value, 'class':self.itype})
class Field:
def __unicode__(self):
return mark_safe(self.widget.render())
And then {{myfield}}
is in the template. So it does get mark_safed
'd twice, which I thought might have been the problem, but I tried removing that too..... I really have no idea what's causing this, but it's not too hard to work around, so I guess I won't fret about it.