Comments on: Overriding a Widget in the Django Admin Site, part 2

By: zeitung online

zeitung online — Tue, 25 May 2010 14:38:54 +0000

YES. You make my day. Thx. I will try to implement it in my mingus up.

By: rick

rick — Wed, 10 Jun 2009 02:33:08 +0000

Thanks, varikin. About whether markdown filter’s efficiency, I guess that will be a todo for one of us :)

If it’s not a big difference, it would be nicer to use the markdown filter, because you would only have one field in the database rather than two, which would just seem a little more elegant.

Anyway, I think I got it all working! Thanks for the help!

By: varikin

varikin — Wed, 10 Jun 2009 02:18:19 +0000

Hi Rick,

You are busy with this:)

I escaped the HTML because I didn’t want anything but what I generated through the markdown syntax. So I did not want to unescape it.

The safe filter it more efficient than the markdown filter because it just tells Django “this text is already safe, you don’t have to escape anything”. Where as the markdown filter will convert markdown text to HTML when rendering the template. I haven’t done any profiling between the two, but I would hope the safe filter is faster.

I hope this helps.

By: rick

rick — Wed, 10 Jun 2009 01:59:02 +0000

OK. I found the safe filter, but is the safe filter much more efficient than the markdown filter?

By: rick

rick — Wed, 10 Jun 2009 01:55:42 +0000

I just noticed that even if I remove the escape() call, it’s still escaping all the HTML. Does Django do this automatically?

By: rick

rick — Wed, 10 Jun 2009 01:45:32 +0000

OK i found outhow to hide the html_body filed by using exclude = (‘html_body’,) in the PostAdmin class.

But I have another issue.

Because you escape the markdown like this:

return markdown(escape(raw))

When I try to display it in the template it shows escaped HTML. As far as I know there is no unescape function in django.utils, so how do you get it back to regular HTML?

Also if you need to filter it again or process it again to unescape it back to HTML, doesn’t that add processing that is similar to using the markdown filter in the template if you had just saved it as markdown? In other words, aren’t you trading one overhead for another?

By: rick

rick — Wed, 10 Jun 2009 01:14:56 +0000

“By the way, I am not displaying html_body field on the admin change/add page.”

varikin, how do you hide the html_body field?

thanks.

By: Ed

Ed — Thu, 04 Jun 2009 02:29:59 +0000

I just found this post and it solved my problems I mentioned in the comment in the previous post. Just goes to show what a little digging effort can do before automatically asking questions.

I ended up extending this a bit by using a render_to_response with a very simple template that included my typesetting css file so that the preview ends up being typeset like it will when actually posted.

Thanks again for this info, it has been very helpful.

By: varikin

varikin — Wed, 20 May 2009 20:38:27 +0000

@Jesús Gómez – The safe filter servers a different need than escaping in the code. The escaping was to remove any HTML written into the raw_body before converting the markup to HTML. This prevented malicious code. Then the final html_body contains only HTML created by the markup. Then the safe filter in the template tells the template engine that it does not need to escape any further because you have already ensured it is safe.

By: Jesús Gómez

Jesús Gómez — Wed, 20 May 2009 20:04:01 +0000

I had to apply the safe filter at the html_body content in the templates. It looks like appling escape in the code is not enough.