如何通过 Jinja2将列表从 Python 传递到 JavaScript

假设我有一个 Python 变量:

list_of_items = ['1','2','3','4','5']

然后我通过渲染 HTML 把它传递给金贾,我还有一个在 JavaScript 中的函数叫做 somefunction(variable)。我试图通过每个项目的 list_of_items。我试过这样的方法:

{% for item in list_of_items %}
<span onclick="somefunction({{item}})">{{item}}</span><br>
{% endfor %}

是否可以将列表从 Python 传递到 JavaScript,或者是否应该循环传递列表中的每个条目?我怎么能这么做?

150149 次浏览

To pass some context data to javascript code, you have to serialize it in a way it will be "understood" by javascript (namely JSON). You also need to mark it as safe using the safe Jinja filter, to prevent your data from being htmlescaped.

You can achieve this by doing something like that:

The view

import json


@app.route('/')
def my_view():
data = [1, 'foo']
return render_template('index.html', data=json.dumps(data))

The template

<script type="text/javascript">
function test_func(data) {
console.log(data);
}
test_func(\{\{ data|safe }})
</script>

Edit - exact answer

So, to achieve exactly what you want (loop over a list of items, and pass them to a javascript function), you'd need to serialize every item in your list separately. Your code would then look like this:

The view

import json


@app.route('/')
def my_view():
data = [1, "foo"]
return render_template('index.html', data=map(json.dumps, data))

The template

{% for item in data %}
<span onclick=someFunction(\{\{ item|safe }});>\{\{ item }}</span>
{% endfor %}

Edit 2

In my example, I use Flask, I don't know what framework you're using, but you got the idea, you just have to make it fit the framework you use.

Edit 3 (Security warning)

NEVER EVER DO THIS WITH USER-SUPPLIED DATA, ONLY DO THIS WITH TRUSTED DATA!

Otherwise, you would expose your application to XSS vulnerabilities!

I had a similar problem using Flask, but I did not have to resort to JSON. I just passed a list letters = ['a','b','c'] with render_template('show_entries.html', letters=letters), and set

var letters = \{\{ letters|safe }}

in my javascript code. Jinja2 replaced \{\{ letters }} with ['a','b','c'], which javascript interpreted as an array of strings.

I can suggest you a javascript oriented approach which makes it easy to work with javascript files in your project.

Create a javascript section in your jinja template file and place all variables you want to use in your javascript files in a window object:

Start.html

...
{% block scripts %}
<script type="text/javascript">
window.appConfig = {
debug: {% if env == 'development' %}true{% else %}false{% endif %},
facebook_app_id: \{\{ facebook_app_id }},
accountkit_api_version: '\{\{ accountkit_api_version }}',
csrf_token: '\{\{ csrf_token }}'
}
</script>
<script type="text/javascript" src="\{\{ url_for('static', filename='app.js') }}"></script>
{% endblock %}

Jinja will replace values and our appConfig object will be reachable from our other script files:

App.js

var AccountKit_OnInteractive = function(){
AccountKit.init({
appId: appConfig.facebook_app_id,
debug: appConfig.debug,
state: appConfig.csrf_token,
version: appConfig.accountkit_api_version
})
}

I have seperated javascript code from html documents with this way which is easier to manage and seo friendly.

To add up on the selected answer, I have been testing a new option that is working too using jinja2 and flask:

@app.route('/')
def my_view():
data = [1, 2, 3, 4, 5]
return render_template('index.html', data=data)

The template:

<script>
console.log( \{\{ data | tojson }} )
</script>

the output of the rendered template:

<script>
console.log( [1, 2, 3, 4] )
</script>

The safe could be added but as well like \{\{ data | tojson | safe }} to avoid html escape but it is working without too.

You can do this with Jinja's tojson filter, which

Dumps a structure to JSON so that it’s safe to use in <script> tags [and] in any place in HTML with the notable exception of double quoted attributes.

For example, in your Python, write:

some_template.render(list_of_items=list_of_items)

... or, in the context of a Flask endpoint:

return render_template('your_template.html', list_of_items=list_of_items)

Then in your template, write this:

{% for item in list_of_items %}
<span onclick='somefunction(\{\{item | tojson}})'>\{\{item}}</span><br>
{% endfor %}

(Note that the onclick attribute is single-quoted. This is necessary since |tojson escapes ' characters but not " characters in its output, meaning that it can be safely used in single-quoted HTML attributes but not double-quoted ones.)

Or, to use list_of_items in an inline script instead of an HTML attribute, write this:

<script>
const jsArrayOfItems = \{\{list_of_items | tojson}};
// ... do something with jsArrayOfItems in JavaScript ...
</script>

DON'T use json.dumps to JSON-encode variables in your Python code and pass the resulting JSON text to your template. This will produce incorrect output for some string values, and will expose you to XSS if you're trying to encode user-provided values. This is because Python's built-in json.dumps doesn't escape characters like < and > (which need escaping to safely template values into inline <script>s, as noted at https://html.spec.whatwg.org/multipage/scripting.html#restrictions-for-contents-of-script-elements) or single quotes (which need escaping to safely template values into single-quoted HTML attributes).

If you're using Flask, note that Flask injects a custom tojson filter instead of using Jinja's version. However, everything written above still applies. The two versions behave almost identically; Flask's just allows for some app-specific configuration that isn't available in Jinja's version.

Make some invisible HTML tags like <label>, <p>, <input> etc. and name its id, and the class name is a pattern so that you can retrieve it later.

Let you have two lists maintenance_next[] and maintenance_block_time[] of the same length, and you want to pass these two list's data to javascript using the flask. So you take some invisible label tag and set its tag name is a pattern of list's index and set its class name as value at index.

{% for i in range(maintenance_next|length): %}
<label id="maintenance_next_\{\{i}}" name="\{\{maintenance_next[i]}}" style="display: none;"></label>
<label id="maintenance_block_time_\{\{i}}" name="\{\{maintenance_block_time[i]}}" style="display: none;"></label>
{% endfor%}

Now you can retrieve the data in javascript using some javascript operation like below -

<script>
var total_len = \{\{ total_len }};
 

for (var i = 0; i < total_len; i++) {
var tm1 = document.getElementById("maintenance_next_" + i).getAttribute("name");
var tm2 = document.getElementById("maintenance_block_time_" + i).getAttribute("name");
    

//Do what you need to do with tm1 and tm2.
    

console.log(tm1);
console.log(tm2);
}
</script>

you can do it

<tbody>
{% for proxy in proxys %}
<tr>
<td id=\{\{proxy.ip}}>\{\{proxy.ip}}</td>
<td id=\{\{proxy.port}}>\{\{proxy.port}}</td>
<td>\{\{proxy.protocol}}</td>
<td>\{\{proxy.speed}}</td>
<td>\{\{proxy.type}}</td>
<td>\{\{proxy.city}}</td>
<td>\{\{proxy.verify_time}}</td>
<td>
<button type="button" class="btn btn-default" aria-label="Left Align">
<span class="glyphicon glyphicon-paste" aria-hidden="true" onclick="copyProxy('\{\{proxy.ip}}', '\{\{proxy.port}}')"></span>
</button>
</td>
</tr>
{% endfor %}
</tbody>
</table>