Skip to content

Mesop

HTML

HTML

Overview¶

The HTML component allows you to add custom HTML to your Mesop app.

There are two modes for rendering HTML components:

sanitized (default), where the HTML is sanitized by Angular to remove potentially unsafe code like <script> and <style> for web security reasons.
sandboxed, which allows rendering of <script> and <style> HTML content by using an iframe sandbox.

Examples¶

import mesop as me


def load(e: me.LoadEvent):
  me.set_theme_mode("system")


@me.page(
  on_load=load,
  security_policy=me.SecurityPolicy(
    allowed_iframe_parents=["https://google.github.io"]
  ),
  path="/html_demo",
)
def app():
  with me.box(style=me.Style(margin=me.Margin.all(15))):
    me.text("Sanitized HTML", type="headline-5")
    me.html(
      """
  Custom HTML
  <a href="https://google.github.io/mesop/" target="_blank">mesop</a>
  """,
      mode="sanitized",
    )

    with me.box(style=me.Style(margin=me.Margin.symmetric(vertical=24))):
      me.divider()

    me.text("Sandboxed HTML", type="headline-5")
    me.html(
      "<style>body { color: #ff0000; }</style>hi<script>document.body.innerHTML = 'iamsandboxed'; </script>",
      mode="sandboxed",
    )

API¶

`html` ¶

This function renders custom HTML in a secure way.

PARAMETER	DESCRIPTION
`html`	The HTML content to be rendered. TYPE: `str` DEFAULT: `''`
`mode`	Determines how the HTML is rendered. Mode can be either "sanitized" or "sandboxed". If "sanitized" then potentially dangerous content like `<script>` and `<style>` are stripped out. If "sandboxed", then all content is allowed, but rendered in an iframe for isolation. TYPE: `Literal['sanitized', 'sandboxed'] \| None` DEFAULT: `None`
`style`	The style to apply to the embed, such as width and height. TYPE: `Style \| None` DEFAULT: `None`
`key`	The component key. TYPE: `str \| None` DEFAULT: `None`