When building and managing website content, we often need to display rich text with specific formatting or interactive effects on the page, such as the body of an article, a product description, or even an embedded video player or map. AnQiCMS is an efficient and flexible content management system that applies an important security measure by default: it escapes HTML code output from templates. This mechanism is designed to protect the website from potential security threats, but in some cases it prevents the intended HTML structure from rendering correctly. This article examines the HTML escaping mechanism of AnQiCMS and provides practical methods to help you safely and effectively output unescaped HTML code in templates.
Understand AnQiCMS's default security strategy: HTML escaping
AnQiCMS's template engine, when processing variable output, follows the design philosophy of mainstream template engines such as Django, and by default escapes special characters such as those in HTML tags and JavaScript code. For example, if you enter <h1>Hello World!</h1> as content in the admin backend and output it directly in the template with {{ content_variable }}, what you see may not be a large heading but the original HTML text <h1>Hello World!</h1>.
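The default behaviour described above, as an added example that is not AnQiCMS code: it uses Go's standard html/template package as a stand-in for an auto-escaping engine, and shows both the escaped output and what explicitly trusting a value changes. The names render, renderEscaped and renderTrusted and both sample strings are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"html/template"
	"strings"
)

// Stand-in template using Go's html/template, not AnQiCMS's own engine.
// The variable name mirrors the {{ content_variable }} used in the article.
var page = template.Must(template.New("page").Parse(
	`<div class="body">{{ .content_variable }}</div>`))

// render executes the template with the value bound to content_variable.
func render(content interface{}) string {
	var out strings.Builder
	data := map[string]interface{}{"content_variable": content}
	if err := page.Execute(&out, data); err != nil {
		return "render error: " + err.Error()
	}
	return out.String()
}

// renderEscaped passes a plain string, so the engine escapes it (the default).
func renderEscaped(s string) string { return render(s) }

// renderTrusted wraps the string in template.HTML, which tells the engine the
// markup is already safe and must be emitted as-is. Only content from a
// trusted editor should ever take this path.
func renderTrusted(s string) string { return render(template.HTML(s)) }

func main() {
	article := "<h1>Hello World!</h1>"     // constructed: editor-authored content
	comment := "<script>alert(1)</script>" // constructed: visitor-submitted text

	fmt.Println(renderEscaped(article)) // heading shows up as literal text
	fmt.Println(renderTrusted(article)) // heading renders as a real <h1>
	fmt.Println(renderEscaped(comment)) // script stays inert text in the page
}
```

The escaped form is what the browser receives when the heading appears as raw text; the same default is what keeps the visitor-submitted script from executing.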
This default translation