raw

The raw filter is used to bypass the automatic HTML escaping mechanism. In Liquid templates, special characters like <, >, &, and " are usually converted to their HTML entities (&lt;, &gt;, &amp;, &quot;) to prevent security issues and ensure proper rendering. The raw filter tells Experience Builder not to escape these characters when rendering a string.

Functionality

  • Strings: Takes a string as input.
  • Output: Returns the input string as-is, without any HTML escaping.

Syntax

    {{ input_string | raw }}

Arguments

The raw filter does not require any arguments.

Code Samples

Example 1: Rendering HTML Code

    {% assign html_content = "<p>This is a paragraph.</p>" %}
    {{ html_content | raw }}

Output:

    <p>This is a paragraph.</p>

Example 2: Displaying Special Characters

    {% assign message = "This & that < than > greater than" %}
    {{ message | raw }}

Output:

    This & that < than > greater than

Outliers and Special Cases

  • Security Risk: Be extremely cautious when using the raw filter with untrusted or user-generated content. Any markup or script in that content reaches the browser unescaped, which can open your site to cross-site scripting (XSS) attacks.
  • No Effect on Escaped Strings: If the input string already contains HTML entities, the raw filter outputs them unchanged. It does not decode them back into the original characters.

Key Points

  • The raw filter is primarily used when you need to output HTML code directly within your templates.
  • Use this filter only when you trust the source of the string and are confident that it does not contain any malicious code.
  • If you're unsure whether a string is safe, use the escape or escape_once filters to ensure proper HTML escaping.
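
One way to enforce the trust rule above in review or CI, as an added example that is not part of the original documentation or of Experience Builder's own tooling: a Python check that flags every output tag where raw is applied to a value that is neither a string literal assigned in the same template nor on an explicit allowlist. The sample template and its variable names (user.bio, comment.body, cms.footer_html) are constructed for illustration.

```python
import re
from collections import Counter

# {{ expr | filter | ... }} output tags
OUTPUT_TAG = re.compile(r"\{\{-?\s*(.*?)\s*-?\}\}", re.S)
# any {% assign name = ... %}
ANY_ASSIGN = re.compile(r"\{%-?\s*assign\s+(\w+)\s*=")
# {% assign name = "literal" %} with nothing after the literal (no filters)
LITERAL_ASSIGN = re.compile(
    r"""\{%-?\s*assign\s+(\w+)\s*=\s*(["'])(?:(?!\2).)*\2\s*-?%\}""", re.S)
STRING = re.compile(r'''"[^"]*"|'[^']*\'''')

def find_risky_raw(template, trusted=()):
    """Return (line, expression) for each `raw` applied to a value that is
    not a template-author literal and not in the `trusted` allowlist."""
    literal = Counter(m.group(1) for m in LITERAL_ASSIGN.finditer(template))
    every = Counter(m.group(1) for m in ANY_ASSIGN.finditer(template))
    # A variable counts as safe only if all of its assignments are pure literals.
    safe = {v for v in literal if literal[v] == every[v]} | set(trusted)
    findings = []
    for m in OUTPUT_TAG.finditer(template):
        # Blank out string literals so a "|" inside quotes is not read as a filter.
        expr = STRING.sub('""', m.group(1))
        head, *filters = [part.strip() for part in expr.split("|")]
        names = [f.split(":")[0].strip() for f in filters]
        if "raw" not in names:
            continue
        if head == '""' or head in safe:
            continue
        line = template.count("\n", 0, m.start()) + 1
        findings.append((line, m.group(1)))
    return findings

# Constructed sample template (not from the original page).
SAMPLE = '''{% assign banner = "<p>Welcome back.</p>" %}
{{ banner | raw }}
{{ user.bio | raw }}
{{ comment.body | escape }}
{% assign greeting = "<b>Hi</b> " | append: user.name %}
{{ greeting | raw }}
{{ cms.footer_html | raw }}
'''

if __name__ == "__main__":
    for line, expr in find_risky_raw(SAMPLE, trusted={"cms.footer_html"}):
        print(f"line {line}: raw applied to untrusted value: {expr}")
```

The check is deliberately conservative: a variable built from a literal plus user data (greeting above) is flagged, and anything on the allowlist should be a source whose HTML is sanitized before it is stored.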

Important Note: Misusing the raw filter can lead to serious security vulnerabilities. Always exercise caution when bypassing the built-in HTML escaping mechanisms.