============================The Django template language============================This document explains the language syntax of the Django template system. Ifyou're looking for a more technical perspective on how it works and how toextend it, see :doc:`/ref/templates/api`.Django's template language is designed to strike a balance between power andease. It's designed to feel comfortable to those used to working with HTML. Ifyou have any exposure to other text-based template languages, such as Smarty_or Jinja2_, you should feel right at home with Django's templates... admonition:: PhilosophyIf you have a background in programming, or if you're used to languageswhich mix programming code directly into HTML, you'll want to bear inmind that the Django template system is not simply Python embedded intoHTML. This is by design: the template system is meant to expresspresentation, not program logic.The Django template system provides tags which function similarly to someprogramming constructs -- an :ttag:`if` tag for boolean tests, a :ttag:`for`tag for looping, etc. -- but these are not simply executed as thecorresponding Python code, and the template system will not executearbitrary Python expressions. Only the tags, filters and syntax listed beloware supported by default (although you can add :doc:`your own extensions</howto/custom-template-tags>` to the template language as needed)... _`The Django template language: For Python programmers`: ../templates_python/.. _Smarty: https://www.smarty.net/.. _Jinja2: https://palletsprojects.com/p/jinja/Templates=========.. highlight:: html+djangoA template is a text file. It can generate any text-based format (HTML, XML,CSV, etc.).A template contains **variables**, which get replaced with values when thetemplate is evaluated, and **tags**, which control the logic of the template.Below is a minimal template that illustrates a few basics. Each element will beexplained later in this document... code-block:: html+django{% extends "base_generic.html" %}{% block title %}{{ section.title }}{% endblock %}{% block content %}<h1>{{ section.title }}</h1>{% for story in story_list %}<h2><a href="{{ story.get_absolute_url }}">{{ story.headline|upper }}</a></h2><p>{{ story.tease|truncatewords:"100" }}</p>{% endfor %}{% endblock %}.. admonition:: PhilosophyWhy use a text-based template instead of an XML-based one (like Zope'sTAL)? We wanted Django's template language to be usable for more thanjust XML/HTML templates. You can use the template language for anytext-based format such as emails, JavaScript and CSV... _template-variables:Variables=========Variables look like this: ``{{ variable }}``. When the template engineencounters a variable, it evaluates that variable and replaces it with theresult. Variable names consist of any combination of alphanumeric charactersand the underscore (``"_"``) but may not start with an underscore, and may notbe a number. The dot (``"."``) also appears in variable sections, although thathas a special meaning, as indicated below. Importantly, *you cannot have spacesor punctuation characters in variable names.*Use a dot (``.``) to access attributes of a variable... admonition:: Behind the scenesTechnically, when the template system encounters a dot, it tries thefollowing lookups, in this order:* Dictionary lookup* Attribute or method lookup* Numeric index lookupIf the resulting value is callable, it is called with no arguments. Theresult of the call becomes the template value.This lookup order can cause some unexpected behavior with objects thatoverride dictionary lookup. For example, consider the following code snippetthat attempts to loop over a ``collections.defaultdict``::{% for k, v in defaultdict.items %}Do something with k and v here...{% endfor %}Because dictionary lookup happens first, that behavior kicks in and providesa default value instead of using the intended ``.items()`` method. In thiscase, consider converting to a dictionary first.In the above example, ``{{ section.title }}`` will be replaced with the``title`` attribute of the ``section`` object.If you use a variable that doesn't exist, the template system will insert thevalue of the ``string_if_invalid`` option, which is set to ``''`` (the emptystring) by default.Note that "bar" in a template expression like ``{{ foo.bar }}`` will beinterpreted as a literal string and not using the value of the variable "bar",if one exists in the template context.Variable attributes that begin with an underscore may not be accessed asthey're generally considered private.Filters=======You can modify variables for display by using **filters**.Filters look like this: ``{{ name|lower }}``. This displays the value of the``{{ name }}`` variable after being filtered through the :tfilter:`lower`filter, which converts text to lowercase. Use a pipe (``|``) to apply a filter.Filters can be "chained." The output of one filter is applied to the next.``{{ text|escape|linebreaks }}`` is a common idiom for escaping text contents,then converting line breaks to ``<p>`` tags.Some filters take arguments. A filter argument looks like this: ``{{bio|truncatewords:30 }}``. This will display the first 30 words of the ``bio``variable.Filter arguments that contain spaces must be quoted; for example, to join alist with commas and spaces you'd use ``{{ list|join:", " }}``.Django provides about sixty built-in template filters. You can read all aboutthem in the :ref:`built-in filter reference <ref-templates-builtins-filters>`.To give you a taste of what's available, here are some of the more commonlyused template filters::tfilter:`default`If a variable is false or empty, use given default. Otherwise, use thevalue of the variable. For example::{{ value|default:"nothing" }}If ``value`` isn't provided or is empty, the above will display"``nothing``".:tfilter:`length`Returns the length of the value. This works for both strings and lists.For example::{{ value|length }}If ``value`` is ``['a', 'b', 'c', 'd']``, the output will be ``4``.:tfilter:`filesizeformat`Formats the value like a "human-readable" file size (i.e. ``'13 KB'``,``'4.1 MB'``, ``'102 bytes'``, etc.). For example::{{ value|filesizeformat }}If ``value`` is 123456789, the output would be ``117.7 MB``.Again, these are just a few examples; see the :ref:`built-in filter reference<ref-templates-builtins-filters>` for the complete list.You can also create your own custom template filters; see:doc:`/howto/custom-template-tags`... seealso::Django's admin interface can include a complete reference of all templatetags and filters available for a given site. See:doc:`/ref/contrib/admin/admindocs`.Tags====Tags look like this: ``{% tag %}``. Tags are more complex than variables: Somecreate text in the output, some control flow by performing loops or logic, andsome load external information into the template to be used by later variables.Some tags require beginning and ending tags (i.e. ``{% tag %} ... tag contents... {% endtag %}``).Django ships with about two dozen built-in template tags. You can read all aboutthem in the :ref:`built-in tag reference <ref-templates-builtins-tags>`. To giveyou a taste of what's available, here are some of the more commonly usedtags::ttag:`for`Loop over each item in an array. For example, to display a list of athletesprovided in ``athlete_list``::<ul>{% for athlete in athlete_list %}<li>{{ athlete.name }}</li>{% endfor %}</ul>:ttag:`if`, ``elif``, and ``else``Evaluates a variable, and if that variable is "true" the contents of theblock are displayed::{% if athlete_list %}Number of athletes: {{ athlete_list|length }}{% elif athlete_in_locker_room_list %}Athletes should be out of the locker room soon!{% else %}No athletes.{% endif %}In the above, if ``athlete_list`` is not empty, the number of athleteswill be displayed by the ``{{ athlete_list|length }}`` variable. Otherwise,if ``athlete_in_locker_room_list`` is not empty, the message "Athletesshould be out..." will be displayed. If both lists are empty,"No athletes." will be displayed.You can also use filters and various operators in the :ttag:`if` tag::{% if athlete_list|length > 1 %}Team: {% for athlete in athlete_list %} ... {% endfor %}{% else %}Athlete: {{ athlete_list.0.name }}{% endif %}While the above example works, be aware that most template filters returnstrings, so mathematical comparisons using filters will generally not workas you expect. :tfilter:`length` is an exception.:ttag:`block` and :ttag:`extends`Set up `template inheritance`_ (see below), a powerful wayof cutting down on "boilerplate" in templates.Again, the above is only a selection of the whole list; see the :ref:`built-intag reference <ref-templates-builtins-tags>` for the complete list.You can also create your own custom template tags; see:doc:`/howto/custom-template-tags`... seealso::Django's admin interface can include a complete reference of all templatetags and filters available for a given site. See:doc:`/ref/contrib/admin/admindocs`... _template-comments:Comments========To comment-out part of a line in a template, use the comment syntax: ``{# #}``.For example, this template would render as ``'hello'``::{# greeting #}helloA comment can contain any template code, invalid or not. For example::{# {% if foo %}bar{% else %} #}This syntax can only be used for single-line comments (no newlines are permittedbetween the ``{#`` and ``#}`` delimiters). If you need to comment out amultiline portion of the template, see the :ttag:`comment` tag... _template-inheritance:Template inheritance====================The most powerful -- and thus the most complex -- part of Django's templateengine is template inheritance. Template inheritance allows you to build a base"skeleton" template that contains all the common elements of your site anddefines **blocks** that child templates can override.Let's look at template inheritance by starting with an example::<!DOCTYPE html><html lang="en"><head><link rel="stylesheet" href="style.css"><title>{% block title %}My amazing site{% endblock %}</title></head><body><div id="sidebar">{% block sidebar %}<ul><li><a href="/">Home</a></li><li><a href="/blog/">Blog</a></li></ul>{% endblock %}</div><div id="content">{% block content %}{% endblock %}</div></body></html>This template, which we'll call ``base.html``, defines an HTML skeletondocument that you might use for a two-column page. It's the job of "child"templates to fill the empty blocks with content.In this example, the :ttag:`block` tag defines three blocks that childtemplates can fill in. All the :ttag:`block` tag does is to tell the templateengine that a child template may override those portions of the template.A child template might look like this::{% extends "base.html" %}{% block title %}My amazing blog{% endblock %}{% block content %}{% for entry in blog_entries %}<h2>{{ entry.title }}</h2><p>{{ entry.body }}</p>{% endfor %}{% endblock %}The :ttag:`extends` tag is the key here. It tells the template engine thatthis template "extends" another template. When the template system evaluatesthis template, first it locates the parent -- in this case, "base.html".At that point, the template engine will notice the three :ttag:`block` tagsin ``base.html`` and replace those blocks with the contents of the childtemplate. Depending on the value of ``blog_entries``, the output might looklike::<!DOCTYPE html><html lang="en"><head><link rel="stylesheet" href="style.css"><title>My amazing blog</title></head><body><div id="sidebar"><ul><li><a href="/">Home</a></li><li><a href="/blog/">Blog</a></li></ul></div><div id="content"><h2>Entry one</h2><p>This is my first entry.</p><h2>Entry two</h2><p>This is my second entry.</p></div></body></html>Note that since the child template didn't define the ``sidebar`` block, thevalue from the parent template is used instead. Content within a ``{% block %}``tag in a parent template is always used as a fallback.You can use as many levels of inheritance as needed. One common way of usinginheritance is the following three-level approach:* Create a ``base.html`` template that holds the main look-and-feel of yoursite.* Create a ``base_SECTIONNAME.html`` template for each "section" of yoursite. For example, ``base_news.html``, ``base_sports.html``. Thesetemplates all extend ``base.html`` and include section-specificstyles/design.* Create individual templates for each type of page, such as a newsarticle or blog entry. These templates extend the appropriate sectiontemplate.This approach maximizes code reuse and helps to add items to shared contentareas, such as section-wide navigation.Here are some tips for working with inheritance:* If you use :ttag:`{% extends %}<extends>` in a template, it must be the first templatetag in that template. Template inheritance won't work, otherwise.* More :ttag:`{% block %}<block>` tags in your base templates are better. Remember,child templates don't have to define all parent blocks, so you can fillin reasonable defaults in a number of blocks, then only define the onesyou need later. It's better to have more hooks than fewer hooks.* If you find yourself duplicating content in a number of templates, itprobably means you should move that content to a ``{% block %}`` in aparent template.* If you need to get the content of the block from the parent template,the ``{{ block.super }}`` variable will do the trick. This is usefulif you want to add to the contents of a parent block instead ofcompletely overriding it. Data inserted using ``{{ block.super }}`` willnot be automatically escaped (see the `next section`_), since it wasalready escaped, if necessary, in the parent template.* By using the same template name as you are inheriting from,:ttag:`{% extends %}<extends>` can be used to inherit a template at the sametime as overriding it. Combined with ``{{ block.super }}``, this can be apowerful way to make small customizations. See:ref:`extending_an_overridden_template` in the *Overriding templates* How-tofor a full example.* Variables created outside of a :ttag:`{% block %}<block>` using the templatetag ``as`` syntax can't be used inside the block. For example, this templatedoesn't render anything::{% translate "Title" as title %}{% block content %}{{ title }}{% endblock %}* For extra readability, you can optionally give a *name* to your``{% endblock %}`` tag. For example::{% block content %}...{% endblock content %}In larger templates, this technique helps you see which ``{% block %}``tags are being closed.* :ttag:`{% block %}<block>` tags are evaluated first. That's why the contentof a block is always overridden, regardless of the truthiness of surroundingtags. For example, this template will *always* override the content of the``title`` block::{% if change_title %}{% block title %}Hello!{% endblock title %}{% endif %}Finally, note that you can't define multiple :ttag:`block` tags with the samename in the same template. This limitation exists because a block tag works in"both" directions. That is, a block tag doesn't just provide a hole to fill --it also defines the content that fills the hole in the *parent*. If there weretwo similarly-named :ttag:`block` tags in a template, that template's parentwouldn't know which one of the blocks' content to use... _next section: #automatic-html-escaping.. _automatic-html-escaping:Automatic HTML escaping=======================When generating HTML from templates, there's always a risk that a variable willinclude characters that affect the resulting HTML. For example, consider thistemplate fragment::Hello, {{ name }}At first, this seems like a harmless way to display a user's name, but considerwhat would happen if the user entered their name as this::<script>alert('hello')</script>With this name value, the template would be rendered as::Hello, <script>alert('hello')</script>...which means the browser would pop-up a JavaScript alert box!Similarly, what if the name contained a ``'<'`` symbol, like this?.. code-block:: html<b>usernameThat would result in a rendered template like this::Hello, <b>username...which, in turn, would result in the remainder of the web page being in bold!Clearly, user-submitted data shouldn't be trusted blindly and inserted directlyinto your web pages, because a malicious user could use this kind of hole todo potentially bad things. This type of security exploit is called a`Cross Site Scripting`_ (XSS) attack.To avoid this problem, you have two options:* One, you can make sure to run each untrusted variable through the:tfilter:`escape` filter (documented below), which converts potentiallyharmful HTML characters to unharmful ones. This was the default solutionin Django for its first few years, but the problem is that it puts theonus on *you*, the developer / template author, to ensure you're escapingeverything. It's easy to forget to escape data.* Two, you can take advantage of Django's automatic HTML escaping. Theremainder of this section describes how auto-escaping works.By default in Django, every template automatically escapes the outputof every variable tag. Specifically, these five characters areescaped:* ``<`` is converted to ``<``* ``>`` is converted to ``>``* ``'`` (single quote) is converted to ``'``* ``"`` (double quote) is converted to ``"``* ``&`` is converted to ``&``Again, we stress that this behavior is on by default. If you're using Django'stemplate system, you're protected... _Cross Site Scripting: https://en.wikipedia.org/wiki/Cross-site_scriptingHow to turn it off------------------If you don't want data to be auto-escaped, on a per-site, per-template level orper-variable level, you can turn it off in several ways.Why would you want to turn it off? Because sometimes, template variablescontain data that you *intend* to be rendered as raw HTML, in which case youdon't want their contents to be escaped. For example, you might store a blob ofHTML in your database and want to embed that directly into your template. Or,you might be using Django's template system to produce text that is *not* HTML-- like an email message, for instance.For individual variables~~~~~~~~~~~~~~~~~~~~~~~~To disable auto-escaping for an individual variable, use the :tfilter:`safe`filter::This will be escaped: {{ data }}This will not be escaped: {{ data|safe }}Think of *safe* as shorthand for *safe from further escaping* or *can besafely interpreted as HTML*. In this example, if ``data`` contains ``'<b>'``,the output will be::This will be escaped: <b>This will not be escaped: <b>For template blocks~~~~~~~~~~~~~~~~~~~To control auto-escaping for a template, wrap the template (or a particularsection of the template) in the :ttag:`autoescape` tag, like so::{% autoescape off %}Hello {{ name }}{% endautoescape %}The :ttag:`autoescape` tag takes either ``on`` or ``off`` as its argument. Attimes, you might want to force auto-escaping when it would otherwise bedisabled. Here is an example template::Auto-escaping is on by default. Hello {{ name }}{% autoescape off %}This will not be auto-escaped: {{ data }}.Nor this: {{ other_data }}{% autoescape on %}Auto-escaping applies again: {{ name }}{% endautoescape %}{% endautoescape %}The auto-escaping tag passes its effect onto templates that extend thecurrent one as well as templates included via the :ttag:`include` tag,just like all block tags. For example:.. code-block:: html+django:caption: ``base.html``{% autoescape off %}<h1>{% block title %}{% endblock %}</h1>{% block content %}{% endblock %}{% endautoescape %}.. code-block:: html+django:caption: ``child.html``{% extends "base.html" %}{% block title %}This & that{% endblock %}{% block content %}{{ greeting }}{% endblock %}Because auto-escaping is turned off in the base template, it will also beturned off in the child template, resulting in the following renderedHTML when the ``greeting`` variable contains the string ``<b>Hello!</b>``::<h1>This & that</h1><b>Hello!</b>Notes-----Generally, template authors don't need to worry about auto-escaping very much.Developers on the Python side (people writing views and custom filters) need tothink about the cases in which data shouldn't be escaped, and mark dataappropriately, so things Just Work in the template.If you're creating a template that might be used in situations where you'renot sure whether auto-escaping is enabled, then add an :tfilter:`escape` filterto any variable that needs escaping. When auto-escaping is on, there's nodanger of the :tfilter:`escape` filter *double-escaping* data -- the:tfilter:`escape` filter does not affect auto-escaped variables... _string-literals-and-automatic-escaping:String literals and automatic escaping--------------------------------------As we mentioned earlier, filter arguments can be strings::{{ data|default:"This is a string literal." }}All string literals are inserted **without** any automatic escaping into thetemplate -- they act as if they were all passed through the :tfilter:`safe`filter. The reasoning behind this is that the template author is in control ofwhat goes into the string literal, so they can make sure the text is correctlyescaped when the template is written.This means you would write ::{{ data|default:"3 < 2" }}...rather than::{{ data|default:"3 < 2" }} {# Bad! Don't do this. #}This doesn't affect what happens to data coming from the variable itself.The variable's contents are still automatically escaped, if necessary, becausethey're beyond the control of the template author... _template-accessing-methods:Accessing method calls======================Most method calls attached to objects are also available from within templates.This means that templates have access to much more than just class attributes(like field names) and variables passed in from views. For example, the DjangoORM provides the :ref:`"entry_set"<topics-db-queries-related>` syntax forfinding a collection of objects related on a foreign key. Therefore, givena model called "comment" with a foreign key relationship to a model called"task" you can loop through all comments attached to a given task like this::{% for comment in task.comment_set.all %}{{ comment }}{% endfor %}Similarly, :doc:`QuerySets</ref/models/querysets>` provide a ``count()`` methodto count the number of objects they contain. Therefore, you can obtain a countof all comments related to the current task with::{{ task.comment_set.all.count }}You can also access methods you've explicitly defined on your own models:.. code-block:: python:caption: ``models.py``class Task(models.Model):def foo(self):return "bar".. code-block:: html+django:caption: ``template.html``{{ task.foo }}Because Django intentionally limits the amount of logic processing availablein the template language, it is not possible to pass arguments to method callsaccessed from within templates. Data should be calculated in views, then passedto templates for display... _loading-custom-template-libraries:Custom tag and filter libraries===============================Certain applications provide custom tag and filter libraries. To access them ina template, ensure the application is in :setting:`INSTALLED_APPS` (we'd add``'django.contrib.humanize'`` for this example), and then use the :ttag:`load`tag in a template::{% load humanize %}{{ 45000|intcomma }}In the above, the :ttag:`load` tag loads the ``humanize`` tag library, which thenmakes the ``intcomma`` filter available for use. If you've enabled:mod:`django.contrib.admindocs`, you can consult the documentation area in youradmin to find the list of custom libraries in your installation.The :ttag:`load` tag can take multiple library names, separated by spaces.Example::{% load humanize i18n %}See :doc:`/howto/custom-template-tags` for information on writing your own customtemplate libraries.Custom libraries and template inheritance-----------------------------------------When you load a custom tag or filter library, the tags/filters are only madeavailable to the current template -- not any parent or child templates alongthe template-inheritance path.For example, if a template ``foo.html`` has ``{% load humanize %}``, a childtemplate (e.g., one that has ``{% extends "foo.html" %}``) will *not* haveaccess to the humanize template tags and filters. The child template isresponsible for its own ``{% load humanize %}``.This is a feature for the sake of maintainability and sanity... seealso:::doc:`The Templates Reference </ref/templates/index>`Covers built-in tags, built-in filters, using an alternative templatelanguage, and more.