So Outside Technology Security CMS
AnQiCMS
Online Demonstration

How to safely output rich text content containing HTML tags in Anqi CMS template?

Calendar 👁️ 66

In website operation, rich text content is widely used in articles, product introductions, and single-page scenarios due to its rich expression forms, such as inserting images, custom font styles, and tables.AnQi CMS as an efficient content management system also fully supports the editing and storage of various rich text content.However, rich text content, while bringing convenience, also hides a non-negligible security challenge - how to safely output this content containing HTML tags in templates to prevent potential cross-site scripting attacks (XSS).

The template engine of AnQi CMS has taken full consideration of security in its design.When you output any content in the template, the template engine will default to HTML escaping it.This means, if your rich text content includes such as<script>HTML tags that are not parsed by the browser as executable code, but are converted to&lt;script&gt;Entity characters are displayed as plain text. This default escaping mechanism is the first line of defense for website security, as it effectively prevents malicious scripts from causing harm by injecting content.

However, for those who really need to display HTML structures, such as article bodies, product detail pages with complex layouts, or detailed introductions of categories, and single pages, the default escaping behavior will cause the content to be rendered incorrectly, displaying a pile of raw HTML tags.In this case, we need to explicitly tell the Anqi CMS template engine that certain content is confirmed 'safe' HTML and can be directly output.The most commonly used and direct way to achieve this is to use|safefilter.

Use|safeFilter to safely output rich text

|safeThe filter is an instruction to inform the template engine 'Do not escape this content.' When you are sure that the HTML content contained in a variable is safe and harmless, and you want it to be parsed and rendered by the browser, you can add it when outputting the variable.|safe.

For example, on the article detail page, we usually usearchiveDetailLabel to retrieve data. If the article content is entered from a rich text editor, which includes paragraphs, images, links, and other HTML structures, then when outputting in the template, it needs to be handled like this:

<div>
    {# archiveContent 变量包含了文章的富文本内容 #}
    {%- archiveDetail archiveContent with name="Content" %}
    {{ archiveContent|safe }}
</div>

Similarly, the handling of content for category detail pages or single-page detail pages is also consistent:

{# 输出分类详情内容 #}
<div>
    {%- categoryDetail categoryContent with name="Content" %}
    {{ categoryContent|safe }}
</div>

{# 输出单页面详情内容 #}
<div>
    {%- pageDetail pageContent with name="Content" %}
    {{ pageContent|safe }}
</div>

By adding to the variable|safethe template engine will skip the processing ofarchiveContent/categoryContentorpageContentThe process of HTML escaping the content, directly outputting it as HTML code to the browser, thus achieving the correct rendering of rich text content.

UseautoescapeTags for more flexible control

In addition to using for individual variables:|safeThe template engine of AnQi CMS also provides a filter,autoescapeTags can control the automatic escaping behavior within a code block. If you have multiple variables in a template area that need to turn off or on HTML escaping, useautoescapeTags will avoid repeated use|safeThe filter will be more concise and intuitive.

You can use{% autoescape off %}To close the automatic escaping of a block and use it at the end of the block{% autoescape on %}or{% endautoescape %}To restore the default escaping behavior.

{% autoescape off %}
    <div class="rich-text-area">
        {# 这个区域内的所有变量,包括 rich_text_var1 和 rich_text_var2,都将关闭自动转义 #}
        <p>{{ rich_text_var1 }}</p>
        <p>{{ rich_text_var2 }}</p>
    </div>
    {# 如果这里需要恢复转义,可以使用 {% autoescape on %} #}
{% endautoescape %}

autoescape offThe scope of its action is within the tag, which can conveniently manage rich text output within a specific area.

Rendering and security of Markdown content

The AnQi CMS also supports Markdown editors, which provides content creators with another convenient writing method.After you enable the Markdown editor in the background, the system will automatically convert Markdown syntax to HTML.If you need to render Markdown content in the template, even if the Markdown editor is not enabled, you can alsoarchiveDetailsuch as tags,ContentAdded in the field parametersrender=trueRender强制.

For example:

<div>
    {# 强制渲染Markdown内容为HTML,并安全输出 #}
    {%- archiveDetail articleMarkdownContent with name="Content" render=true %}
    {{ articleMarkdownContent|safe }}
</div>

Please note, whether through Markdown editor automatic conversion, or throughrender=trueThe parameters are manually converted, and the final content generated is all HTML. Therefore, when outputting these HTML contents in the front-end template, it still needs to be combined with|safeFilter to ensure that HTML tags can be parsed correctly.

Deep security guarantee for safe output: backend content filtering

Though|safeFilters andautoescapeThe tag provides necessary control for front-end template output of rich text content, but their core logic is 'trust' the content output.

Related articles

How to implement the like function for comments in Anqi CMS and update the display of likes in real time?

In website operation, user interaction is a key link in enhancing community activity.The like comment feature not only encourages user participation, but also helps website administrators identify popular comment content.For websites using AnQiCMS, to implement this feature and update the like count in real time, it can be done through the built-in template tags and a bit of front-end JavaScript code.### Comment Function Basics: How to Display Comment Lists The core of the comment function in AnQi CMS lies in the `commentList` template tag

2025-11-08

How to manage and display custom page Banner carousel in Anqi CMS?

In website operation, a beautiful page banner carousel is a key element to attract visitors' attention, convey important information, and enhance brand image.AnQiCMS provides a flexible and intuitive way to manage and display these visual contents, whether you want to set up a Banner for the homepage, a specific page, or a category page, it can be easily achieved.### Manage Custom Banner Carousel AnQi CMS allows you to set exclusive banners for different content types, mainly divided into banners for specific pages

2025-11-08

How does AnQi CMS filter and display content based on the document's Flag attribute (such as headline, recommended)?

In AnQiCMS (AnQiCMS) content management system, effectively organizing and displaying content is the key to enhancing website attractiveness and user experience.Among them, the Flag attribute (recommended attribute) function of the document, as if marking the content with a special 'mark', allows you to flexibly filter and highlight important or specific types of content according to your operational needs.What is the document Flag attribute? The document Flag attribute, also known as the recommendation attribute, is a content classification and display mechanism provided by AnQi CMS.

2025-11-08

How to add multi-dimensional parameter filtering function for the product list page in Anqi CMS and display the filtering results?

In modern e-commerce and content display websites, providing multi-dimensional parameter filtering functions for product lists has become a key factor in improving user experience and conversion rates.Visitors can quickly locate the products they need based on their own needs, not only saving time but also significantly improving the usability of the website.For users of AnQiCMS, implementing such a feature is not difficult. The built-in powerful functions and flexible template tags make the whole process intuitive and efficient.This article will delve into how to add multi-dimensional parameter filtering functions to the product list page in Anqi CMS

2025-11-08

How to implement independent content management and unified display for multi-sites in AnQiCMS?

How to implement independent content management and unified display for multiple sites in AnQiCMS?In today's rapidly changing internet environment, many enterprises and content operators face the challenge of managing multiple websites.Whether it is to have multiple brands, product lines, or to create independent content portals for different markets and audiences, efficiency and convenience are always the key.The traditional approach is often to deploy a separate system for each website, which not only increases maintenance costs but also makes content management and data integration extremely complex.AnQiCMS provides an elegant and efficient solution

2025-11-08

How to customize the content model so that it can display different types of content in a unique way on the front-end page (such as articles, products)?

In Anqi CMS, the custom ability of the content model is one of its core advantages, which gives us great flexibility, allowing the website to break free from the traditional constraints of 'articles' and 'pages', and organize and display various types of information according to actual business needs.Whether it is a complex e-commerce product detail or a refined corporate case presentation, it can present unique style and functions on the frontend page through a custom content model.### Understanding the importance of content models A content model, simply put, is the "skeleton" or "blueprint" of the content on your website

2025-11-08

How to implement multilingual switching for website content and ensure that the user interface and article content are displayed correctly?

In today's globalized digital age, having a website that supports multiple languages is crucial for businesses to expand into international markets and improve user experience.AnQiCMS (AnQiCMS) is an efficient and flexible content management system that provides a powerful and easy-to-operate multilingual switching solution, ensuring that the user interface and article content of the website can be correctly displayed to users of different languages.### The Foundation of Multilingual Websites: AnQiCMS Multi-Site Management The core mechanism of AnQiCMS for multilingual switching is its unique **multi-site management** function

2025-11-08

How to optimize URL structure through pseudo-static configuration in AnQiCMS to make content links more user-friendly and SEO-friendly?

How does AnQiCMS optimize URL structure through pseudo-static configuration to display content links more friendly to users and search engines?In today's internet environment, a website's link (URL) is not just a path to access content, it is also the first impression of user experience and an important basis for search engines to understand and evaluate web content.A clear, concise, and semantically rich URL that can significantly enhance the website's friendliness in the hearts of users and search engines.

2025-11-08