In the daily operation of AnQiCMS, how content is presented and how securely it is handled are the key factors that determine the professionalism and user experience of the website. AnQiCMS has a powerful template engine that draws on many advantages of the Django template engine, and its filters do much of the behind-the-scenes work of content formatting and security processing. These filters make it easy to process output content, whether the goal is to shorten text, convert formats, or keep the content safe.

Filters: the 'transformers' of content output

In simple terms, a filter is a tool for converting or processing variable values. In AnQiCMS templates its usage is very intuitive: add a vertical bar symbol (|) after a variable, followed by the name of the filter and optional parameters. For example, {{ obj|filter__name:param }}. By using these filters flexibly, we can present content in its ideal state on the front-end page.

1. Refine content, optimize reading experience: text truncation and conversion

In website operation, we often need to display a brief description of an article on a list page or in a summary. Content that is too long not only affects the aesthetics but also diverts the user's attention. For this, AnQiCMS provides a variety of text truncation filters:

  • truncatechars and truncatewords: These filters truncate text by character count or word count. For example, {{ item.Description|truncatechars:100 }} truncates the description to a maximum of 100 characters and adds '...' at the end, while truncatewords truncates by word.
  • truncatechars_html and truncatewords_html: If your content contains HTML tags, using truncatechars directly may destroy the HTML structure. AnQiCMS provides _html versions that keep HTML tags complete while truncating the text, so the page structure is not affected, for example {{ articleContent|truncatechars_html:150 }}.
  • Case conversion: upper / lower / capfirst / title
    • upper converts all English characters to uppercase.
    • lower converts all English characters to lowercase.
    • capfirst capitalizes the first letter of a sentence.
    • title converts the first letter of each word to uppercase, commonly used for title formatting. These filters are very useful when dealing with multilingual content or titles that require specific display styles.
  • String processing: cut / replace / trim / join / split / length
    • cut removes specified characters from a string, such as extra spaces or special symbols.
    • replace replaces a substring in a string with another.
    • trim / trimLeft / trimRight remove whitespace characters, or a specified character, from the beginning, the end, or both ends of a string.
    • join and split convert between arrays and strings. join connects array elements into a string using a specified separator, and split splits a string into an array by the separator.
    • length returns the length of a string, array, or key-value pair, and is often used in conditional checks.
  • Number formatting: floatformat / integer / float
    • floatformat controls the number of decimal places of a floating-point number; for example, {{ price|floatformat:2 }} displays the price with two decimal places.
    • integer and float convert string values to integers or floating-point numbers, which may be required before performing mathematical operations.
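
Why a plain character cut is risky on markup, as an added Go sketch (not AnQiCMS's implementation): truncateNaive and truncateHTML are hypothetical stand-ins for truncatechars and truncatechars_html, using a simplified tag grammar and a constructed sample string.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// tokenRe splits input into tags, text runs and stray "<" (simplified grammar).
var tokenRe = regexp.MustCompile(`<(/?)([A-Za-z][A-Za-z0-9]*)[^>]*>|[^<]+|<`)

// void lists a few elements that never take a closing tag.
var void = map[string]bool{"br": true, "hr": true, "img": true, "input": true}

// truncateNaive cuts after n characters and ignores markup entirely.
func truncateNaive(s string, n int) string {
	if r := []rune(s); len(r) > n {
		return string(r[:n]) + "..."
	}
	return s
}

// truncateHTML counts only text characters, copies tags whole, and appends
// the closing tags still owed when the limit is reached.
func truncateHTML(s string, n int) string {
	var out strings.Builder
	closers := "" // closing tags for elements still open, innermost first
	for _, m := range tokenRe.FindAllStringSubmatch(s, -1) {
		tok, closing, name := m[0], m[1] == "/", strings.ToLower(m[2])
		switch {
		case name == "": // text run: counts against the limit
			r := []rune(tok)
			if len(r) > n {
				return out.String() + string(r[:n]) + "..." + closers
			}
			n -= len(r)
		case closing:
			closers = strings.TrimPrefix(closers, "</"+name+">")
		case !void[name] && !strings.HasSuffix(tok, "/>"):
			closers = "</" + name + ">" + closers
		}
		out.WriteString(tok)
	}
	return out.String()
}

func main() {
	const sample = `<p>Hello <strong>world</strong> and more</p>` // constructed input
	fmt.Println(truncateNaive(sample, 12)) // cut lands inside the <strong> tag
	fmt.Println(truncateHTML(sample, 9))   // tags stay whole and are closed
}
```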

2. Protect content security: Avoid potential risks

The security of website content is of paramount importance. Especially when dynamically loading user-generated content or rich text editor content, the potential XSS (Cross-Site Scripting) risk should not be ignored. AnQiCMS provides multi-layer security mechanisms, and filters are one of them.

  • safe filter: trust and risk coexist. AnQiCMS's template engine escapes all output content by default, which means that a tag like <script> is converted to &lt;script&gt;, preventing the execution of malicious scripts. This default mechanism greatly improves security. However, in some cases, such as content generated by rich text editors, we want the HTML to be displayed directly rather than escaped. In that case, use the safe filter: {{ archiveContent|safe }}. Important reminder: using the safe filter means you explicitly tell the system that this content is "safe" and does not need to be escaped. Therefore, make sure the source of any content you pass through safe is absolutely trustworthy. Otherwise, it opens the door to XSS attacks.
  • escape / e filter: explicit escaping intention. Although AnQiCMS escapes automatically by default, the escape filter, or its abbreviation e, explicitly expresses the intention to escape. It is mainly used to force HTML escaping of specific variables where automatic escaping has been disabled ({% autoescape off %}).
  • escapejs filter: security guardian in the JavaScript environment. When we need to output variable content into JavaScript code, the escapejs filter becomes particularly important. It applies JS-safe escaping to special characters in the string (such as newline characters, quotes, etc.) to prevent syntax errors or injection attacks. For example, var userName = "{{ item.UserName|escapejs }}";.
  • Content cleaning: striptags and removetags
    • striptags strips all HTML tags from a string and retains only the plain text content, which is very useful for generating abstracts or plain text output.
    • removetags is more fine-grained, allowing you to specify which HTML tags to remove. For example, {{ content|removetags:"script,iframe" }} removes script and iframe tags from the content, effectively filtering out unnecessary or dangerous elements.
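
The output contexts in this list, as an added Go example (not AnQiCMS code): html.EscapeString and text/template's JSEscapeString stand in for the default escaping and for escapejs, removeTags is a hypothetical denylist stripper, and the sample values are constructed. It shows that HTML escaping does not protect a JavaScript string, and that removing script and iframe tags leaves event-handler attributes on other tags in place.

```go
package main

import (
	"fmt"
	"html"
	"regexp"
	"strings"
	"text/template"
)

// Constructed sample values standing in for user-supplied fields.
const (
	sampleComment = `<script>alert(1)</script><img src=x onerror=alert(2)>`
	sampleName    = "Ann\\\nLee\"" // a backslash, a newline and a double quote
)

// htmlContext stands in for the default auto-escaping and the escape/e filter.
func htmlContext(s string) string { return html.EscapeString(s) }

// jsStringContext stands in for escapejs: escaping for a quoted JS string.
func jsStringContext(s string) string { return template.JSEscapeString(s) }

// removeTags is a hypothetical denylist stripper in the spirit of removetags:
// it deletes the named tags and nothing else.
func removeTags(s string, tags ...string) string {
	re := regexp.MustCompile(`(?i)</?(` + strings.Join(tags, "|") + `)\b[^>]*>`)
	return re.ReplaceAllString(s, "")
}

func main() {
	// HTML body: markup becomes inert text.
	fmt.Println("html body  :", htmlContext(sampleComment))

	// JS string: HTML escaping leaves the backslash and newline alone, so the
	// literal in var userName = "..."; would break; JS escaping handles them.
	fmt.Printf("html in js : var userName = \"%s\";\n", htmlContext(sampleName))
	fmt.Printf("js escaped : var userName = \"%s\";\n", jsStringContext(sampleName))

	// Denylist: script is gone, but the img tag keeps its onerror attribute,
	// so the result is still not content to pass through safe.
	fmt.Println("removetags :", removeTags(sampleComment, "script", "iframe"))
}
```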

3. Auxiliary filters: Improve development efficiency

In addition to the above features, AnQiCMS also integrates many practical tools, which can greatly improve the efficiency and robustness of template development.

  • Default value handling: default and default_if_none. {{ value|default:"暂无数据" }}: when value is an empty string, zero, false, an empty list, or an empty object, it displays 暂无数据 ("No data available"). {{ value|default_if_none:"暂无数据" }} shows the default value only when value is nil (null); empty strings, zeros, and the like are retained. These two filters are very useful for ensuring the integrity of page data.
  • URL related filters: urlize / urlizetrunc / urlencode / iriencode
    • urlize automatically identifies URLs and email addresses in text and converts them into clickable hyperlinks, automatically adding rel="nofollow". Very suitable for handling users