Movatterモバイル変換


[0]ホーム

URL:


Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up
Appearance settings

Automatically escape text in .svg files #4831

Closed
@DenverCoder1

Description

@DenverCoder1

Summary

Currently, autoescaping is enabled for all templates ending in.html,.htm,.xml as well as.xhtml when usingrender_template() (https://flask.palletsprojects.com/en/2.2.x/templating/).

As SVG files are very similar in nearly all aspects to XML files,.svg should also be autoescaped.

Problem

In this example, trying to insert a title into an SVG to render, an error will occur if the title contains unescaped text such as an ampersand (eg. "TEST & EXAMPLE")

In amain.svg template file:

<svgxmlns='http://www.w3.org/2000/svg'xmlns:xlink='http://www.w3.org/1999/xlink'width="250"height="220"viewBox="0 0 250 220">    <textfill="#ffffff"font-family="Roboto, Segoe UI, Ubuntu, Arial, sans-serif"font-weight="600"font-size="15px">        {{ title }}    </text></svg>
render_template("main.svg",title="TEST & EXAMPLE")

image

Current workarounds

Changing the filename to .xml can be done as a workaround, as well overriding the autoescape option or other methods for toggling autoescape. I'm proposing this as a feature request as I believe it is logical for SVG to work the same way as XML.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions


      [8]ページ先頭

      ©2009-2026 Movatter.jp