AnQiCMS's template system provides a solid foundation for content operations with its powerful functions and flexible customization.In the daily content display, we often encounter the need to automatically convert URLs in plain text to clickable HTML links.urlizeThe filter is designed for this purpose, it can intelligently identify URLs or email addresses in text and wrap them in<a>the tag.
However, when usingurlizeWhen using the filter, a common practice is to|safeFilter.The reason behind this is that AnQiCMS (and most modern template engines) defaults to escaping HTML entities for all content output through variables to prevent security issues such as cross-site scripting (XSS).|safewith explicit instructions,urlizegenerated<a href="...目标的URL...">链接文本</a>will be rendered as<a href="...">链接文本</a>Users see a string of source code instead of clickable links.|safeThe function of the filter is to inform the template engine: 'This content has been confirmed as safe HTML, please output it directly without escaping.'
If for some specific development specifications or special scenarios, we hope to avoid using it directly|safewithout using a filter.urlizeCorrectly output HTML links, has AnQiCMS provided the corresponding solution? The answer is yes, we can achieve this goal through the template engine'sautoescapetag to achieve this goal.
AnQiCMS模板引擎提供了一个名为Englishautoescape的强大标签,它允许我们对模板中特定区域的HTML转义行为进行精确控制。autoescape标签可以接收EnglishonoroffAs a parameter, it is used to indicate whether the code block it wraps is enabled for automatic escaping.
- When using
{% autoescape on %}It will force-enable the automatic HTML escaping for all its content, even if some of the content may be marked as safe. - While we are using
{% autoescape off %}auto