AnQiCMS Help Document and User Guide
When operating a website's content, we often run into this situation: text pulled from the database, or entered in the back-end plain text editor, is displayed in the front-end template with its originally clear line breaks collapsed into one long run of text. This is because browsers do not render newline characters (`\n`) as line breaks in HTML by default. To solve this problem in an AnQiCMS template, we need to use the powerful template filter function of AnQiCMS so that the text is displayed with line breaks as expected.
In AnQiCMS, when processing text content, we often need to automatically convert the URLs or email addresses it contains into clickable links. This not only improves the user experience, but also helps search engines better understand the content of the page. For this purpose, AnQiCMS provides two very practical filters: `urlize` and `urlizetrunc`. Their core function is to intelligently convert URLs and email addresses in text into HTML `<a>` tags, but there are key differences in their specific application scenarios and effects.
In website content creation, we often need to mention URLs and email addresses in articles, descriptions, or comments. If this information is just plain text, users cannot click it to jump directly, which undoubtedly affects the user experience and the efficiency of information transmission. AnQiCMS, as an efficient content management system, fully considers this requirement: its built-in smart functions can automatically convert URLs and email addresses in plain text into clickable HTML links.
In AnQiCMS template development, for the safety of the website, the system defaults to automatically escaping all HTML content output to the page. This means that when you directly output a variable containing special HTML characters in the template, for example, `<script>alert('XSS')</script>`, AnQiCMS will convert it to `&lt;script&gt;alert('XSS')&lt;/script&gt;`
In website operation, we sometimes need to output custom JavaScript code on the page, whether to implement specific interactive functions, integrate third-party service scripts (such as statistics or advertising code), or add dynamic effects to the page. However, when this JavaScript code itself contains special characters, especially HTML tags (such as `<script>`), handling it incorrectly may cause the page to display abnormally, break functionality, or even introduce serious security vulnerabilities.
In AnQiCMS template development, we often need to handle the security of displayed content, especially when the content may contain user input or come from external sources. Escaping special characters is particularly important in these cases to prevent potential cross-site scripting (XSS) attacks. AnQiCMS provides the `escape` and `e` filters to help us deal with such issues. They have the same function; `e` is just an abbreviated alias of `escape`.
In today's network environment, website security is of great concern to operators, and cross-site scripting (XSS) is one of the common security threats. XSS attacks inject malicious scripts into web pages to steal user data, alter page content, and even take control of user sessions. AnQiCMS, as a content management system that focuses on security, has built in a series of powerful HTML escaping mechanisms to effectively prevent such attacks when processing user-submitted content and displaying it in templates.
In the AnQiCMS template engine, the default automatic escaping mechanism is an important security feature. It converts the special characters used in HTML tags and JS scripts (such as `<`, `>`, `&`, etc.) to their corresponding HTML entities, thereby effectively preventing cross-site scripting (XSS) attacks. However, in certain specific content output scenarios, we do need to allow the browser to parse and render HTML or HTML-like code as it is, at which point the `safe` filter becomes crucial.
When using AnQiCMS to build a website and design a template, you may encounter a common problem: when outputting some content in the template, the tags that were originally expected to be displayed as HTML are automatically converted to plain text, for example, `<p>This is a paragraph</p>` becomes `&lt;p&gt;This is a paragraph&lt;/p&gt;`. This loses the original style and structure of the content. Understanding this problem and knowing how to handle it is very important for template developers. Why does the AnQiCMS template automatically escape HTML tags?
On a website built with AnQiCMS, the core of the document detail page is often the main content of the article, namely the `Content` field. This field carries a wealth of information, ranging from simple text to complex text and image layouts, multimedia embedding, and even custom code segments. Therefore, how to correctly and safely display content containing HTML formatting in the template is a key skill that every AnQiCMS user needs to master. In designing its template rendering, AnQiCMS fully considers the security of the content.