# Filters

URL: /chirp/docs/build-apps/html-fragments/filters/
Section: html-fragments
Tags: templates, filters, globals, kida

--------------------------------------------------------------------------------

Built-in Filters Chirp ships with built-in filters that are automatically available in every template. These complement Kida's core filters with web-specific utilities. field_errors Extract validation errors for a single form field from an errors dict. Returns a list of error messages. &#123;% for msg in errors | field_errors(&quot;email&quot;) %&#125; &lt;p class=&quot;error&quot;&gt;{{ msg }}&lt;/p&gt; &#123;% end %&#125; If the field has no errors, or errors is None, an empty list is returned — so the loop simply produces nothing. Typical usage with form_or_errors(): @app.route(&quot;/signup&quot;, methods=[&quot;POST&quot;]) async def signup(request: Request): result = await form_or_errors(request, SignupForm, &quot;signup.html&quot;, &quot;form&quot;) if isinstance(result, ValidationError): return result # errors and form values are included # ... process valid data &lt;label&gt;Email&lt;/label&gt; &lt;input name=&quot;email&quot; value=&quot;{{ form.email ?? &quot;&quot; }}&quot;&gt; &#123;% for msg in errors | field_errors(&quot;email&quot;) %&#125; &lt;span class=&quot;field-error&quot;&gt;{{ msg }}&lt;/span&gt; &#123;% end %&#125; qs Build a URL with query-string parameters. Falsy values are automatically omitted. &lt;a href=&quot;{{ &#x27;/search&#x27; | qs(q=query, page=page) }}&quot;&gt;Search&lt;/a&gt; {# Output: /search?q=hello&amp;page=2 #} Falsy values (None, &quot;&quot;, 0, False) are dropped: {{ &#x27;/items&#x27; | qs(q=query, category=category, page=none) }} {# If category is &quot;&quot;, outputs: /items?q=hello #} Appends to existing query strings: {{ &#x27;/search?q=hello&#x27; | qs(page=2) }} {# Output: /search?q=hello&amp;page=2 #} Special characters are URL-encoded: {{ &#x27;/search&#x27; | qs(q=&quot;hello world&quot;) }} {# Output: /search?q=hello%20world #} attr Output an HTML attribute when the value is truthy, else nothing. Shorthand for optional attributes without &#123;% if %&#125; blocks. &lt;a href=&quot;{{ href }}&quot;{{ class | attr(&quot;class&quot;) }}&gt;{{ text }}&lt;/a&gt; {# When class is &quot;active&quot;: &lt;a href=&quot;/foo&quot; class=&quot;active&quot;&gt;Foo&lt;/a&gt; #} {# When class is &quot;&quot; or None: &lt;a href=&quot;/foo&quot;&gt;Foo&lt;/a&gt; #} Useful for optional class, data-*, hx-*, and other attributes. Values are HTML-escaped. url Safelist a URL for href attributes. Validates the scheme (blocks javascript:, data: etc.) and returns the URL or a fallback if unsafe. Use when building links from user or external data. &lt;a href=&quot;{{ user_link | url }}&quot;&gt;User link&lt;/a&gt; &lt;a href=&quot;{{ external_url | url(fallback=&#x27;/&#x27;) }}&quot;&gt;External&lt;/a&gt; island_props Serialize JSON props safely for island mount attributes: &lt;div data-island=&quot;editor&quot; data-island-props=&quot;{{ state | island_props }}&quot;&gt; Fallback editor UI. &lt;/div&gt; Use with the island_attrs(...) global for convenience: &lt;div{{ island_attrs(&quot;editor&quot;, props=state, mount_id=&quot;editor-root&quot;) }}&gt; Fallback editor UI. &lt;/div&gt; Use primitive_attrs(...) when you want stricter primitive metadata: &lt;div{{ primitive_attrs(&quot;grid_state&quot;, props={&quot;stateKey&quot;: &quot;team&quot;, &quot;columns&quot;: [&quot;name&quot;, &quot;role&quot;]}) }}&gt; ... &lt;/div&gt; Security Filters (from Kida) Chirp uses Kida's template engine, which provides escape and safe filters. These are critical for preventing XSS. e / escape — HTML-escape a value. When AppConfig(autoescape=True) (the default), &#123;&#123; x &#125;&#125; is escaped automatically. Use | e explicitly when chaining filters that might strip escaping (e.g. &#123;&#123; user_input | upper | e &#125;&#125;). safe(reason=&quot;...&quot;) — Mark output as trusted HTML so it is not escaped. Only use for content that is sanitized or from trusted sources (e.g. sanitized markdown output, CMS blocks, server-generated HTML). Never use on raw user input — that enables XSS. {{ content | markdown }} {{ cms_block | safe(reason=&quot;admin-only CMS&quot;) }} Chirp's markdown filter sanitizes unsafe HTML and URLs by default and returns template-safe markup. Pass sanitize=False to register_markdown_filter() only for trusted markdown where raw HTML is intentional. The reason argument is for code review and audit; it is not used at runtime. URL attributes — When building href from user data, use the url filter or Kida's url_is_safe() / safe_url() in a custom filter. See Kida security docs for context-specific escaping (JavaScript, CSS). HTML validation — Validate markup with whatwg.org/validator to catch conformance errors. Chirp's chirp check &lt;app&gt; (and app.check()) validates hypermedia contracts: hx-get/hx-post/hx-put/hx-delete/hx-patch and action URLs must resolve to registered routes with compatible methods. Query params (e.g. ?page=1) are stripped before matching. Use both for full coverage. Custom Filters Filters transform values in templates. Register them with @app.template_filter(): @app.template_filter() def currency(value: float) -&gt; str: return f&quot;${value:,.2f}&quot; @app.template_filter() def pluralize(count: int, singular: str, plural: str) -&gt; str: return singular if count == 1 else plural Use them in templates with the pipe syntax: &lt;span class=&quot;price&quot;&gt;{{ product.price | currency }}&lt;/span&gt; &lt;span&gt;{{ count }} {{ count | pluralize(&quot;item&quot;, &quot;items&quot;) }}&lt;/span&gt; Named Filters By default, the function name becomes the filter name. Override it with an argument: @app.template_filter(&quot;fmt_date&quot;) def format_date(dt: datetime) -&gt; str: return dt.strftime(&quot;%B %d, %Y&quot;) &lt;time&gt;{{ post.created_at | fmt_date }}&lt;/time&gt; Template Globals Globals are functions or values available in every template without being passed in the context: @app.template_global() def site_name() -&gt; str: return &quot;My App&quot; @app.template_global() def current_year() -&gt; int: return datetime.now().year &lt;footer&gt;&amp;copy; {{ current_year() }} {{ site_name() }}&lt;/footer&gt; Registration Timing Filters and globals must be registered during the setup phase (before app.run() or the first request). They become part of the kida environment at freeze time. app = App() # Register during setup @app.template_filter() def upper(value: str) -&gt; str: return value.upper() # This works app.run() # Registering after freeze would raise an error Type Safety Filters are regular Python functions with full type annotations. Your IDE provides autocomplete and type checking for filter arguments. @app.template_filter() def truncate(value: str, length: int = 50, suffix: str = &quot;...&quot;) -&gt; str: if len(value) &lt;= length: return value return value[:length].rsplit(&quot; &quot;, 1)[0] + suffix Next Steps Rendering -- How templates are rendered App Lifecycle -- When filters are registered API Reference -- Complete API surface

--------------------------------------------------------------------------------

Metadata:
- Word Count: 850
- Reading Time: 4 minutes