Stop nunjucks from escaping HTML

OK so almost immediately after I posted this I found the answer! for anyone else looking it's simply this; within your template where you're printing your variable add the safe filter, which will disable automatic escaping.

{{ comment.content|safe }}

Although this means it's vulnerable to XSS injection, so make sure you add your protection on the server side.

You could consider passing the comment's meta data and letting the template create the HTML:

<p>
  <a href="{{ comment.user.url }}">{{ comment.user.name }}</a> {{ comment.text }}
</p>

Then pass the following meta data:

comment: {
  user: { url: "profile/derp", name: "Username" },
  text: "hey what's up"
}

You can also avoid escaping globally using:

nunjucks.configure({ autoescape: false });

Stop nunjucks from escaping HTML

Tags:

Javascript

Template Engine

Nunjucks

Related

Recent Posts