Allowing HTML in Text Fields on a Django Site

One of the things I really wanted to be able to do with my Django blog project was display HTML in my blog posts. I just wanted to be able to use links and some basic formatting. While undertaking this task, I learned a little more about how Django itself works. Like, some stuff updates while your server is running. But some stuff will not take effect until you restart. Read on and you’ll see what I mean.

When I began my research, I first came across the ‘safe’ filter. This is included with Django and can be used in templates like this (surrounded by double curly braces):

{{ post.text | safe | linebreaksbr }}

By default, Django’s template engine escapes HTML in the values it renders. The safe filter marks the value as not needing escaping, so its tags are output as-is. It definitely isn’t a recommended option if you have users entering data since you can’t trust them (sorry users). Since I’m the only one posting though, I figured it would be okay, at least for the moment. However, it wasn’t working – or didn’t appear to be.

So, I went looking further. I came across a module called django-bleach which appeared to be exactly what I was looking for. I installed it, added the necessary import and changed the TextField in my post model to a BleachField. Unless I just wasn’t reading the documentation correctly, that was all that should have been required for it to work. But, it didn’t. So I then added my own list of allowed tags and attributes, but it still wasn’t working. And then, out of sheer frustration, I added the safe filters back to my templates. And it worked. I don’t know if this happens to other people or not, but I honestly don’t remember at what points I’d restarted my server during all this. I was operating under the assumption that changes would take effect while it was running, and that if they weren’t, all I had to do was Ctrl+Shift+R for a hard refresh. That worked for CSS at least. But it apparently doesn’t work for some stuff. Like safe filters.

I decided to get rid of the Django safe filters because I figured it was safer to just have bleach filtering the tags I chose. And for whatever reason, at that point I did restart my server, and all my awesome HTML was gone. Around this time was when I began to understand that my testing wasn’t really being done properly as I needed to be restarting between these changes, so I had to test everything again. That was how I came to realize that the safe filters worked all along, but django-bleach did not. I’m pretty sad about that, as it seemed like an awesome module. And, I mean, maybe it does work and I was missing something. I’ll probably revisit it later.

In my research I did also come across two modules that allow rich text editing: Django CKeditor and django-tinymce. I didn’t want to add more to my site than I had to, especially since it’s only on free hosting, and I didn’t feel I needed these modules since I’m fine with writing HTML the few times I want it. But I realize they would be a better option in many cases and wanted to include them for anyone reading.

I hope that this was useful information for someone somewhere. I struggled with this issue for longer than I should have when really, all along I just needed to restart my server! But I did learn some interesting things along the way, so it wasn’t a complete waste of time I guess.