Skip to content Skip to sidebar Skip to footer
Home / Ascii / Flask / Html / Javascript / Python

String Passed As " From Python Flask To Html Page

Post a Comment
i'm developing Flask App. I want to transfer simple json from the app.py to the html page. This is the relevant code at app.py: jsonArr = [{'type': 'circle', 'label': 'New York'}

Solution 1:

In order to avoid cross-site-scripting attacks, flask automatically escapes HTML sequences. If you want to avoid this, you can directly tell Flask you know what you're doing:

https://stackoverflow.com/a/3266740/3029173

from flask importMarkupvalue= Markup('<strong>The HTML String</strong>')

However!! This is risky from a security perspective. If you have any user data that can end up in the JSON, you need to consider another approach.

You would need to sanitize the JSON so a user doesn't come along with a string of </script><script>do bad things here</script>

Solution 2:

You should have a separate route with the data in JSON format.

from flask importjsonifyjsonArr= [{"type": "circle", "label": "New York"},
       {"type": "circle", "label": "New York"}]

return jsonify(jsonArr)

Post a Comment for "String Passed As " From Python Flask To Html Page"