Retrieving json objects from python (using Django) - Javascript - javascript

I have been poking around the web but have not been able to find an example which works for me. It seems as though it is a simple mistake as I have seen multiple examples that are very similar, but when I try following these I keep getting errors (mainly SyntaxError: invalid property id).
Python code (in Django view):
my_dict = {'mykey' : 'myvar'}
jtest = json.dumps(my_dict)
context = {'form': form, 'test_dict' : jtest}
return render(request, "browsefiles.html", context)
Javascript:
<script type="text/javascript">
var data = {{ test_dict }};
</script>
Error:
SyntaxError: invalid property id
If someone could help me find what is causing this error that would be greatly appreciated. I would like to access the dictionary in the in the javascript code segment.

Django will escape special characters in your page and the browser cannot recognize the object. You must mark it as safe for Django to leave it alone:
<script type="text/javascript">
var data = {{ test_dict|safe }};
</script>

Related

Flask with Jinja2 - Passing value from Flask to Javascript using Jinja2 statements

This is my code in Flask
data = {"Bird" : "Its a bird!"}
#app.route('/store')
def store():
return render_template('store.html', data = data)
This is my code in Javascript
<script>
var val = "Bird";
var something = '{{ data[' + val +'] }}';
</script>
I'm not sure what i'm doing wrong but I cant seem to get something to be "Its a bird!".
Any ideas?
You have to keep in mind that Jinja2 template rendering happens before the JavaScript is executed. You can see this in the fact that you render the template and then return it to the user (or their browser).
Therefore, anything that comes out of that template render process, must be valid JavaScript in order to run. Also, Jinja2 does not know anything about HTML, JavaScript or really any other language.
Putting this knowledge into use would basically mean that you need to render the required data into valid JavaScript:
<script>
var mapping = {{ data | tojson }};
var val = "Bird";
var something = mapping[val];
</script>
Personally, however, I would avoid templating JavaScript code and figure out some other way or handling dynamic data.

Convert ejs snippet to jade

I have some server-side ejs templates I'm converting to jade for my node.js/express app, but there's one piece of ejs code that I"m a bit unsure of how to properly write in jade. Here's the snippet.
<script type="text/javascript">
window.user = <%- user || 'null' %>;
</script>
I tried doing something like this in jade, but it's obviously wrong since user is returned as undefined.
script.
window.user = user || 'null';
I also tried using a ternary operation, which does't give an error but also doesn't return a user.
script.
window.user ? user : 'null';
I basically have a user object the server controller is passing to the server template. What's the proper way to handle passing objects from the controller to the view? I'm a bit of a back end development noob so I apologize if this is a silly question.
This works, if user is falsy (null, undefined, empty string etc.):
script(type='text/javascript').
window.user = "#{user}" || null;
If you are certain not to escape the users value, which means you may be vulnerable to CSS-attacks, you may use !{user} instead of #{user}.
I have bean trying the snippet here: http://jade-lang.com/demo/

Importing Python Flask JSON dictionary into javascript error

I have a Python Flask web app that I want to pass a dictionary data set from to javascript, I am trying to JSON I can pass numbers fine but it seems to throw an error when using strings.
Here is the code snippet of the python generating the JSON string:
view.py
def dumpdata():
DB_name={"name":"aaragh"}
strng=json.dumps(DB_name)
return render_template('dumpdata.html',result = strng)
Here is the receiving HTML file
dumpdata.html
<html><body>
<p >{{ result }}</a>
<script>
var data = JSON.parse({{result}});
console.log(data.name);
</script>
</body></html>
Here is the error message and the console output:
consolelog
SyntaxError: invalid property id dumpdata:4
<html><body>
<p >{"name": "aaragh"}</a>
<script>
var data = JSON.parse({"name": "aaragh"});
console.log(data.name);
</script>
</body></html>
I dont think it's relevant but I get the same error on both ubuntu chrome and win IE.
Any ideas? I think I am missing something obvious but I have banged my head against this for days and I still haven't been able to find a solution...
Thanks
Take a look at the template filter |safe:
<html><body>
<p >{{ result|safe }}</a>
<script>
var data = JSON.parse({{ result|safe }});
console.log(data.name);
</script>
</body></html>
Flask docs mention
Jinja docs mention
var data = JSON.parse({{ result|safe }});
This line should be changed to
var data = JSON.parse('{{ result|safe }}');
PS: It didnt work for me without quotes. Also i read it somewhere that in javascript all {{ variable }} are accessible inside quotes only.
What actually worked for me, translating the dictionary with Python and pass that to Javascript to work with...
<script>
{# passing diffData to javascript in the page template #}
let diffData = {{ diffData | tojson | safe }};
console.log(diffData);
...the rest of the code...
</script>
So I had to pass the diffData dictionary to the template and parse the dictionary with Javascript to display the result in a specific format.
I've tried let diffData = JSON.parse({{ diffData | safe }}); with and without quotes, both types, but Chromium kept throwing errors like:
SyntaxError: Unexpected token o in JSON at position 1
SyntaxError: Unexpected token ' in JSON at position 1
SyntaxError: missing ) after argument list
Worth noting that I use single-quotes in my dictionary, like:
{'2019-10-08 11:21': {'2019-10-08': {'KSML': {...
Hope this helps some out there.
Cheers!

Accessing Django dictionary in Javascript

I'm passing a dictionary from my Django view and want to access the dictionary in my code.
view code:
res.responses is a dictionary
def index(request):
import pprint
pprint.pprint(res.responses)
print 'type = ', type(res.responses)
return render_to_response("deploy/index.html", {"responses":res.responses})
Javascript code:
$(document).ready(function(){
//{% for each in responses%}
// console.log(Hi)
//{% endfor %}
var response = "{{responses}}"
console.log(response)
I tried accessing the variable directly using for loop and also accessing the variable directly. Both throw me an error. Please provide some suggestion.
You can do both.
Option 1:
Provide the script via a template that will send the code with the values. Will look ugly but work. Your javascript file or even the html must be parsed by the django template engine. They can't be static
Option 2:
Provide a new view with a json response, that is accessed from your javascript code (ie: via JQuery)

Django Template Variables and Javascript

When I render a page using the Django template renderer, I can pass in a dictionary variable containing various values to manipulate them in the page using {{ myVar }}.
Is there a way to access the same variable in Javascript (perhaps using the DOM, I don't know how Django makes the variables accessible)? I want to be able to lookup details using an AJAX lookup based on the values contained in the variables passed in.
The {{variable}} is substituted directly into the HTML. Do a view source; it isn't a "variable" or anything like it. It's just rendered text.
Having said that, you can put this kind of substitution into your JavaScript.
<script type="text/javascript">
var a = "{{someDjangoVariable}}";
</script>
This gives you "dynamic" javascript.
CAUTION Check ticket #17419 for discussion on adding similar tag into Django core and possible XSS vulnerabilities introduced by using this template tag with user generated data. Comment from amacneil discusses most of the concerns raised in the ticket.
I think the most flexible and handy way of doing this is to define a template filter for variables you want to use in JS code. This allows you to ensure, that your data is properly escaped and you can use it with complex data structures, such as dict and list. That's why I write this answer despite there is an accepted answer with a lot of upvotes.
Here is an example of template filter:
// myapp/templatetags/js.py
from django.utils.safestring import mark_safe
from django.template import Library
import json
register = Library()
#register.filter(is_safe=True)
def js(obj):
return mark_safe(json.dumps(obj))
This template filters converts variable to JSON string. You can use it like so:
// myapp/templates/example.html
{% load js %}
<script type="text/javascript">
var someVar = {{ some_var | js }};
</script>
A solution that worked for me is using the hidden input field in the template
<input type="hidden" id="myVar" name="variable" value="{{ variable }}">
Then getting the value in javascript this way,
var myVar = document.getElementById("myVar").value;
As of Django 2.1, a new built in template tag has been introduced specifically for this use case: json_script.
https://docs.djangoproject.com/en/stable/ref/templates/builtins/#json-script
The new tag will safely serialize template values and protects against XSS.
Django docs excerpt:
Safely outputs a Python object as JSON, wrapped in a tag,
ready for use with JavaScript.
There is a nice easy way implemented from Django 2.1+ using a built in template tag json_script. A quick example would be:
Declare your variable in your template:
{{ variable|json_script:'name' }}
And then call the variable in your <script> Javascript:
var js_variable = JSON.parse(document.getElementById('name').textContent);
It is possible that for more complex variables like 'User' you may get an error like "Object of type User is not JSON serializable" using Django's built in serializer. In this case you could make use of the Django Rest Framework to allow for more complex variables.
new docs says use {{ mydata|json_script:"mydata" }} to prevent code injection.
a good exmple is given here:
{{ mydata|json_script:"mydata" }}
<script>
const mydata = JSON.parse(document.getElementById('mydata').textContent);
</script>
For a JavaScript object stored in a Django field as text, which needs to again become a JavaScript object dynamically inserted into on-page script, you need to use both escapejs and JSON.parse():
var CropOpts = JSON.parse("{{ profile.last_crop_coords|escapejs }}");
Django's escapejs handles the quoting properly, and JSON.parse() converts the string back into a JS object.
Here is what I'm doing very easily:
I modified my base.html file for my template and put that at the bottom:
{% if DJdata %}
<script type="text/javascript">
(function () {window.DJdata = {{DJdata|safe}};})();
</script>
{% endif %}
then when I want to use a variable in the javascript files, I create a DJdata dictionary and I add it to the context by a json : context['DJdata'] = json.dumps(DJdata)
Hope it helps!
For a dictionary, you're best of encoding to JSON first. You can use simplejson.dumps() or if you want to convert from a data model in App Engine, you could use encode() from the GQLEncoder library.
Note, that if you want to pass a variable to an external .js script then you need to precede your script tag with another script tag that declares a global variable.
<script type="text/javascript">
var myVar = "{{ myVar }}"
</script>
<script type="text/javascript" src="{% static "scripts/my_script.js" %}"></script>
data is defined in the view as usual in the get_context_data
def get_context_data(self, *args, **kwargs):
context['myVar'] = True
return context
I was facing simillar issue and answer suggested by S.Lott worked for me.
<script type="text/javascript">
var a = "{{someDjangoVariable}}"
</script>
However I would like to point out major implementation limitation here.
If you are planning to put your javascript code in different file and include that file in your template. This won't work.
This works only when you main template and javascript code is in same file.
Probably django team can address this limitation.
I've been struggling with this too. On the surface it seems that the above solutions should work. However, the django architecture requires that each html file has its own rendered variables (that is, {{contact}} is rendered to contact.html, while {{posts}} goes to e.g. index.html and so on). On the other hand, <script> tags appear after the {%endblock%} in base.html from which contact.html and index.html inherit. This basically means that any solution including
<script type="text/javascript">
var myVar = "{{ myVar }}"
</script>
is bound to fail, because the variable and the script cannot co-exist in the same file.
The simple solution I eventually came up with, and worked for me, was to simply wrap the variable with a tag with id and later refer to it in the js file, like so:
// index.html
<div id="myvar">{{ myVar }}</div>
and then:
// somecode.js
var someVar = document.getElementById("myvar").innerHTML;
and just include <script src="static/js/somecode.js"></script> in base.html as usual.
Of course this is only about getting the content. Regarding security, just follow the other answers.
I have found we can pass Django variables to javascript functions like this:-
<button type="button" onclick="myJavascriptFunction('{{ my_django_variable }}')"></button>
<script>
myJavascriptFunction(djangoVariable){
alert(djangoVariable);
}
</script>
I use this way in Django 2.1 and work for me and this way is secure (reference):
Django side:
def age(request):
mydata = {'age':12}
return render(request, 'test.html', context={"mydata_json": json.dumps(mydata)})
Html side:
<script type='text/javascript'>
const mydata = {{ mydata_json|safe }};
console.log(mydata)
</script>
you can assemble the entire script where your array variable is declared in a string, as follows,
views.py
aaa = [41, 56, 25, 48, 72, 34, 12]
prueba = "<script>var data2 =["
for a in aaa:
aa = str(a)
prueba = prueba + "'" + aa + "',"
prueba = prueba + "];</script>"
that will generate a string as follows
prueba = "<script>var data2 =['41','56','25','48','72','34','12'];</script>"
after having this string, you must send it to the template
views.py
return render(request, 'example.html', {"prueba": prueba})
in the template you receive it and interpret it in a literary way as htm code, just before the javascript code where you need it, for example
template
{{ prueba|safe }}
and below that is the rest of your code, keep in mind that the variable to use in the example is data2
<script>
console.log(data2);
</script>
that way you will keep the type of data, which in this case is an arrangement
There are two things that worked for me inside Javascript:
'{{context_variable|escapejs }}'
and other:
In views.py
from json import dumps as jdumps
def func(request):
context={'message': jdumps('hello there')}
return render(request,'index.html',context)
and in the html:
{{ message|safe }}
There are various answers pointing to json_script. Contrary to what one might think, that's not a one size fits all solution.
For example, when we want to pass to JavaScript dynamic variables generated inside a for loop, it's best to use something like data-attributes.
See it in more detail here.
If you want to send variable directly to a function by passing it as a parameter then try this
<input type="text" onkeyup="somefunction('{{ YOUR_VARIABLE }}')">
As from previous answers the security can be improved upon

Categories

Resources