How do I pass in Flask variable and turn it into HTML?

I have a python variable is defined as follows:

var = <p>some text</p>

I’d like to pass this in to HTML with Flask like this: {{ var }}. It should show up on the website as simply displaying the words “some text” but instead shows up as “<p>some text</p>” to the user and is not in a <p> tag.

How do I fix this?

Basically tell Flask that this is not XSS and it’s safe to display with |safe

{{ var | safe }}

@QwertyQwerty88 Safe or save?


safe, I made a typo there


Also, just curios, what’s XSS?


Cross site scripting. Basically means anyone can run JavaScript on your site.


It’s very dangerous. I’ve had to ban about twenty-five people on my chat app for attempting it.

1 Like

And that works because Flask is kinda using innerText instead of innerHTML (idk if you’ve ever used those properties). If you just made the variable a text node, then you wouldn’t need the safe thing I believe.

what is a text node?

1 Like

In HTML, it’s just a plain string of text that isn’t necessarily part of an element and rather its own node

okay but how would you make one with Python?

1 Like

Just insert regular text…

It’s much better to wrap your text in a p or span tag though

Unless you’re suggesting this?

<p>{{ var }}</p>

Yeah, but at the same time I’d say using innerHTML/safe isn’t the greatest, but yeah

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.