Skip to content

Mesop

HTML

HTML

Overview¶

The HTML component allows you to add custom HTML to your Mesop app.

There are two modes for rendering HTML components:

sanitized (default), where the HTML is sanitized by Angular to remove potentially unsafe code like <script> and <style> for web security reasons.
sandboxed, which allows rendering of <script> and <style> HTML content by using an iframe sandbox.

Examples¶

import mesop as me


@me.page(
  security_policy=me.SecurityPolicy(
    allowed_iframe_parents=["https://google.github.io"]
  ),
  path="/html_demo",
)
def app():
  me.text("Sanitized HTML")
  me.html(
    """
Custom HTML
<a href="https://google.github.io/mesop/" target="_blank">mesop</a>
""",
    mode="sanitized",
  )
  with me.box(style=me.Style(margin=me.Margin.symmetric(vertical=24))):
    me.divider()
  me.text("Sandboxed HTML")
  me.html(
    "hi<script>document.body.innerHTML = 'iamsandboxed'; </script>",
    mode="sandboxed",
  )

API¶

`html` ¶

This function renders custom HTML in a secure way.

PARAMETER	DESCRIPTION
`html`	The HTML content to be rendered. TYPE: `str` DEFAULT: `''`
`mode`	Determines how the HTML is rendered. Mode can be either "sanitized" or "sandboxed". If "sanitized" then potentially dangerous content like `<script>` and `<style>` are stripped out. If "sandboxed", then all content is allowed, but rendered in an iframe for isolation. TYPE: `Literal['sanitized', 'sandboxed'] \| None` DEFAULT: `None`
`style`	The style to apply to the embed, such as width and height. TYPE: `Style \| None` DEFAULT: `None`
`key`	The component key. TYPE: `str \| None` DEFAULT: `None`