Yes, this is what you want:
<td>{{=XML(row.basic.comments.replace('\n','<br>'),sanitize=True)}}</
td>
<br> is deprecated and it should be <br />, sanitize fixes it for you.
You can also be more explicit
<td>{{=XML(row.basic.comments.replace('\n','<br>'),permitted_tags=
['br/'],sanitize=True)}}</td>
so that only <br /> is un-escaped.
Massimo
On Jun 14, 8:56 pm, Eddie Eyles <[email protected]> wrote:
> I'm retrieving data that may contain carriage returns, and I want to
> display this with these line breaks intact, i.e. I need to put either
> a '<br/>' or an HTML block element closure/opening in place of each
> carriage return. I have tried the following in the view:
>
> <td>{{=row.basic.comments.replace('\n','<br/>')}}</td>
> -- this outputs '<br/>' instead of '<br/>', as you would expect
>
> <td>{{=row.basic.comments.replace('\n',XML('<br/>'))}}</td>
> -- this generates an error 'expected a character buffer object'
>
> <td>{{=XML(row.basic.comments.replace('\n','<br/>'))}}</td>
> -- this achieves what I want, but of course it also means the entire
> field is unescaped, leaving it vulnerable to XSS attack
>
> <td>{{=XML(row.basic.comments.replace('\n','<br/>'),sanitize=True)}}</
> td>
> -- this produces gobbledegook
>
> <td>{{=XML(row.basic.comments.replace('\n','<br>'),sanitize=True)}}</
> td>
> -- this seems to be just right (but strangely the expected '<br>' tags
> are converted to '<br/>')
>
> Am I doing the right thing with my last effort? I am very new to both
> web2py and python.
>
> Eddie
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web2py Web Framework" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---
