Is there a way to disable html escaping globally?

Question

Is there a way to disable html escaping globally?

Closed this issue 6 years ago · 5 comments

Some projects like ansible and stackstorm use template engines on YAML data streams. In this case the {{ variable }} is used without escaping. Requiring {{{ variable }}} or {{& variable }} is unfamiliar to most folks. It would be nice to have a global default escaping mode where the default is HTML but an option would be None.

Answer 1 · 2019-05-02T12:43:54.000Z

I moved to jinja2 which doesn't do this by default. Closing.

Answer 2 · 2019-10-27T20:03:55.000Z

Hi,

I would like to re-open this issue, as adding & token to all variables in projects that doesn't requires HTML escaping is too much.

Right now I'm monkey-patching it :/

chevron.renderer._html_escape = lambda string: string

But it would be nice to have more convenient way of doing this eg. passing custom escaper to render function, setting bool flag globally, passing bool flag to render function

If this is feasible, I'm willing to submit PR?

Answer 3 · 2021-09-14T22:09:01.000Z

@dutekvejin thanks for the monkey patch.. saved my day.

Answer 4 · 2022-01-15T16:53:53.000Z

@dutekvejin thanks for quick solution:

chevron.renderer._html_escape = lambda string: string

The following monkey patch should also work for someone like me don't want to import chevron.renderer:

chevron.render.__globals__['_html_escape'] = lambda string: string

Answer 5 · 2022-10-19T09:10:23.000Z

Adding my support for a global (or parameter) to disable the HTML escaping. I have a use case where I am emulating another system uses the same syntax for {{ name }} to allow variable expansion but sometimes requires escaping and sometimes not. The system knows when to escape, or not, but there is no easy way for me to stop this in chevron without the monkey-patching above. Perhaps a new option on render?