I have a web-app consisting of some html forms for maintaining some tables (SQlite, with CherryPy for web-server stuff). First I did it entirely 'the Python way', and generated html strings via. code, with common headers, footers, etc. defined as functions in a separate module.
I also like the idea of templates, so I tried Jinja2, which I find quite developer-friendly. In the beginning I thought templates were the way to go, but that was when pages were simple. Once .css and .js files were introduced (not necessarily in the same folder as the .html files), and an ever-increasing number of {{...}} variables and {%...%} commands were introduced, things started getting messy at design-time, even though they looked great at run-time. Things got even more difficult when I needed additional javascript in the or sections.
As far as I can see, the main advantages of using templates are:
Non-dynamic elements of page can easily be viewed in browser during design.
Except for {} placeholders, html is kept separate from python code.
If your company has a web-page designer, they can still design without knowing Python.
while some disadvantages are:
{{}} delimiters visible when viewed at design-time in browser
Associated .css and .js files have to be in same folder to see effects in browser at design-time.
Data, variables, lists, etc., must be prepared in advanced and either declared globally or passed as parameters to render() function.
So - when to use 'hard-coded' HTML, and when to use templates? I am not sure of the best way to go, so I would be interested to hear other developers' views.
TIA, Alan
Although I'm not a Python developer, I'll answer here - I believe the idea of using templates is common for PHP and Python.
Using templates has many advantages, like:
keeping the code clean. Separating the "logic" (controller) code from the presentation (view) is very important. Working on projects that mix HTML / CSS / JS / Python is really hard.
keeping HTML in separate files doesn't require you to modify the code itself. For example, placing in the controller code (Python code) might require you to put a slash before each " character.
you can ask your web designer to learn the basics of templates syntax so he's able to help you much without destroying your work on the controller code (which is quite common when a person with no experience in a given language modifies something)
in fact, there are many more advantages, but those are most important for me.
The only disadvantage is that you have to pass parameters to the rendering function ... which doesn't require much of work. Anyway it's much easier than maintaining any project that mixes controller code with view code.
Generally, you should have a look at >MVC pros and cons question< :
What is MVC and what are the advantages of it?
The simplest way to solve your static file problem is to use relative paths when referring to them in your html. For example: <img src="static/image.jpg" />
If you're willing to put in a little more work, you can solve all the design-time problems you mentioned by writing a mini-server to display your templates.
Maintain a file full of simple data structures containing example values for all your templates.
Use a microframework like Werkzeug to serve http on your local machine.
Write a root request handler that scans your data structure list or templates directory to produce an index page with links to all your templates.
Write a secondary request handler for non-root requests, which renders the requested template with the data structure of the same name.
You can write this tool in a few hours, and it makes template design very convenient. One nice feature of Werkzeug's built-in wsgi server is that it can automatically reload itself when it detects that a file has changed. You can leave your mini-server running while you edit templates and click links on your index page all day.
I would highly recommend using templates. Templates help to encourage a good MVC structure to your application. Python code that emits HTML, IMHO, is wrong. The reason I say that is because Python code should be responsible for doing logic and not have to worry about presentation. Template syntax is usually restrictive enough that you can't really do much logic within the template, but you can do any presentation specific type logic that you may need.
ymmv.
I think that templates are still the best way to separate presentation from business logic. The key is a good templating engine, in particular, one that can make decisions in the template itself. For Python, I've found the Genshi templating engine to be quite good. It's used by the Trac Wiki/Issue tracking system and is quite powerful, while still leaving the templates easy to work with.
For other tasks, I tend to use the BeautifulSoup module. I'll create a simple HTML page, parse it with BeautifulSoup, use the resulting object to add the necessary data, and then write the output to its destination (typically a file for me).
As a Seaside developer, I see no use for templates, if your designer can do css. In practice, I find it impossible to keep templates DRY. Take a look at this question to see the advantages of using code (a DSL) to generate your page. You might be bound by legacy, of course.
Separation of presentation (html) and business logic in web apps does not lead to good modularisation, i.e. low coupling and high cohesion. That is why separate template systems don't work well.
I just read Jeff Atwoods "What's Wrong With CSS". This again is a problem long solved in the smalltalk world with the Phantasia DSL
Related
I hope I'm asking on the right StackExchange site.
I've written a console program in Python onto which I'd like to put a web interface, but I'm having a hard time deciding what web framework to choose. I don't need much, but I'd like to avoid unnecessary work in trying to use it. I don't have a need for a database (for now), so that's not important to me at all.
I've looked at Django, Web2py, bottle.py, and web.py.
Django and Web2py seem to be great if I were starting out from scratch, but I'm not, and seems a little difficult to integrate into existing code.
bottle.py and web.py almost seem like they could work out, but they're so basic, I'm hoping there's something else out there that wouldn't require so much in the way of templating as these seem to do.
I don't simply want to make a carbon copy of the console interface put into a browser, but rather customize it for a web interface, so I'm not necessarily looking for anything that would simply wrap a console application into a web interface (although that would be interesting too.)
That's a sort of hard problem... Personally I don't see web.py as all that 'basic' as you put it. It should be really easy to wrap your code in some classes with GET and POST functions and be done.
Also, Django can be 'minified' as it were: How do I write a single-file Django application? is a whole conversation about this.
I would say, what is too 'basic' for you? You mentioned 'templating', but how would something magically template for you? There are open source templates for web apps, things like twitter bootstrap come to mind, that kind of give you a ready-made template for your next web app. Also YUI, and dojo do similar sorts of things (tho have a much different focus, since they are full blown JS frameworks).
That said, there is a brand new project called 'shovel' (here): https://github.com/seomoz/shovel
I haven't used it yet, but it seems to do the wrapping of commands into a web interface for you. which you said would be 'interesting'.
Personally I use web.py for all my web stuff.
I suggest Django. I've used Django both for simple mostly static sites and for sites with a lot of forms and I can't say Django imposes any restrictions or forces you to write hundreds LoC even for simple things. Instead you get nice auto generated administrative interface, built-in ORM, internationalization tools and many other things. Thereby, you have great opportunities to grow functionality of your app. In addition it has such vital thing as up-to-date documentation for every module.
Tutorial takes few hours and gives enough information to start developing full-blown sites.
Thanks the continuation which is implemented in the Nagare framework, you can develop a Web application like a console or desktop UI application: put the console code in a component.Task, then create some components for each interaction, i.e. some views that show the data that you print in your console application and receive some user input back. Then, the Nagare framework takes care of the rest: no need to declare URLS, to pass the context from a page to next...
PyQT can be handy if you are looking to implement it, to quote from the RiverBank PyQT website listed below:
"The QtWebKit module implements a web browser engine based on the WebKit open source browser engine used by Apple's Safari. It allows the methods and properties of Python objects to be published and appear as JavaScript objects to scripts embedded in HTML pages."
Source: http://www.riverbankcomputing.co.uk/software/pyqt/intro
Also, do not give up hope if that does not do the trick, as there is also "Pyjamas" which is very handy! Here is a brief description of it:
"Pyjamas is a Rich Internet Application (RIA) Development Platform for both Web and Desktop.
It contains a Python-to-Javascript compiler, an AJAX framework and a Widget Set API. Pyjamas started life as a Python port of Google Web Toolkit, the Java-to-Javascript compiler. Read the FAQ and the list of features."
source: http://pyjs.org
found via: google.com
I would say that when you are always looking to see what the best to use is, ask your question in google, and look on multiple sites and compare the top results of multiple sites to your question, also, it really depends on what you need and what your strong hand plays better in.
I hope this isn't knocked for being too general, but... I recently had occasion to learn web2py for a final year university project. In this subject teams of four had 8 weeks to design a web app. Ultimately i found that web2py was quite versatile, with it being very easy to get a site up and running fast, a lot of options (janrain etc) - but the end "style" result relied almost entirely on us.
Amongst the other teams, who used other frameworks (each team a different one on the whole), a few of the sites came out with a very slick polished look, without them having to spend much photoshop/css design time and effort. I got the impression that some frameworks are more "friendly" when it came to out of the box design elements (buttons, navigation options, widgets, base css etc) while others aren't.
I have a python (/C/java) background, and intend to learn PHP some point. What frameworks exist out there that provided a base for site design beyond the bare bones? And to emphasise, I have browsed the python page listing frameworks, i am more interested in the design aspect - even if just to see if my assumption was correct.
I'm not sure other frameworks are necessarily more "friendly" regarding design elements, as the client-side styling is really independent of the server-side framework. You can easily plug in any front-end boilerplate/framework to provide nicer styling, whichever server-side framework you are using. At least among Python frameworks, I think web2py is one of the few to provide any front-end scaffolding application (including some basic styling) at all. With most of the others, you're on your own.
That having been said, web2py will soon be releasing a new mobile-friendly scaffolding application based on Skeleton, with improved styling. Though you can just as easily use other front-end frameworks, such as Twitter Bootstrap, Foundation, HTML5Boilerplate, etc.
web2py also allows for the development and application of layout plugins to easily replace the app's styling. Some examples can be found here and here, and they are also available in the application wizard (demo).
I feel your pain. As a developer coming from the desktop world and doing some web development, I'm used to setting up the appearance of my application at the same time I select and arrange my user interface widgets.
You will just have to accept that browser based software does not work that way. You must separately learn CSS. Hopefully, you'll learn to like this method of specifying the appearance of the application but whether you do or not there really isn't any alternative to this approach in the browser.
So far what I've seen about Yii Framework (PHP) is that it can generate an initial nice Styled Web Application backbone, ready for you to work in it adding your functionality, DBs, User roles, etc. and of course all the freedom to define your own Look and Feel by defining HTML views, CSS, JS, etc.
I'm about to start learning and using a PHP Framework for my next project. I have never yet used a Framework but I have several years using PHP/MySQL.
For some weeks I have researched on PHP Frameworks and there are CakePHP, CodeIgniter, Zend, Yii, Kohana, etc. and I'm leaning to Yii even though CodeIgniter seems to have more followers I'm stubborn on checking out Yii because of the high praise is getting specially in its quality built and performance.
I wouldn't know how good the other PHP frameworks are on the "default visual style" area.
Your question seems too generic. I believe your problem is the template library more than the whole framwework.
Maybe this is what you need: http://beebole.com/pure/. This is a javascript template library that let's you render pure html/css templates without embedded python code (dinamic parts are feeded using json data). In this way you can just take a well designed static website and render them dinamic with whatever web framework you like.
I need to make a tabular data structure (tab delimited text file) available for viewing as a web based solution. I am a bioinformatics programmer with almost no experience in web based development. I know that django is very hot in the python community but I wanted to ask here before I went ahead and buy a book on django. What would be your choice of technology stack to accomplish something like this.
I need to display a table of 40-50 columns and 100.000 rows and hopefully let the user filter the data based on certain data items ( i.e only show rows that have a certain value in a certain column , show only data that was recorded on Monday and hide all other weekdays)
I am sorry if this question is too vague or stupid but I really need some basic guidance here.
Thanks
Django can do this fairly easily.
Django can do this, but I think the best way to go is to use a Javascript framework ontop of django, I am currently doing this. ExtJS has various types of grids in your situation I think a 'Live' grid would be perfect.
It loads x amount of rows, so that you dont have to load 100,000 rows everytime, just what the user sees. Also, filters etc are built in as well as many other features
Other javascript frameworks that do similar things are YUI and in my opinion JQuery to a lesser extent
Edit/Elaborate
So obviously here isnt the place for a beginners crash course, but in my opinion there is a couple of things you need to do and know.
This will work by firstly creating a django view that returns a JSON string. (If that sentence didnt make a whole bunch of sense, I would recommend skimming over the Django tutorial...actually, you probably should do that anyway) Python has methods to turn datatypes such as dictionaries/csv's (in your case, I guess a TSV lol) to this format. THEN, when you have this (can be pointed to by a url...when you dive into Django it will make more sense) then you create the ExtJS grid and point it to that url.
There is a whole bunch of tutorials about ExtJS grids here, notably the Tutorial:Grid PHP SQL I think would be helpful. Obviously not php, but the concept is the same.
Unfortunately I dont have any examples of my own to show you, but there are TONS of resources about this stuff, I wouldnt bother buying a book
I think this could be done easily without JavaScript. What neolaser is outlining is my preferred solution as well, but django could do this no sweat. You would need
to configure your models.py to match your database
a view that accepts get requests and makes queries based off of their contents. http://docs.djangoproject.com/en/dev/ref/models/querysets/
a template that displays the results of those queries and allows you make get requests which your view will interpret.
Because django is such a well-used framework, it's pretty easy to find a run down on the various terms (google: "django views", "django models", etc).
If what you describe is really all you're doing, then I'd say Django may be overkill. Maybe first try a simpler basic framework like Cherrypy (see tutorial) to serve your simple page/form (you don't even need templates, just spit back HTML yourself). Now all you need is a bit of code to read, filter and/or page, and format your CSV.
If you want to put something like this together very quickly and easily and you don't have much web development experience, I think your best bet would be web2py. It requires no installation or configuration, has no dependencies, and includes a web server, a relational database, a web-based integrated development environment and admin interface (demo), and jQuery integration (for Javascript and Ajax). It's very easy to learn and was designed for ease of use and developer productivity. You can get a lot done with very little code thanks to the included scaffolding app along with many sensible default behaviors.
As for table/grid displays, you could probably use:
The jqGrid plugin - a web2py plugin for jqGrid
powerTable (source code) - a web2py plugin for DataTables
If you need help getting started or have any questions, you'll get lots of help from the very friendly and responsive mailing list.
I mean I understand that these templates are aimed at designers and other less code-savvy people, but for developers I feel the template language is just a hassle. I need to re-learn how to do very simple things like iterate through dictionaries or lists that I pass into the template, and it doesn't even seem to work very well. I'm still having trouble getting the whole "dot" notation working as I would expect (for example, {{mydict.dictkey}} inside a for loop doesn't work :S -- I might ask this as a separate question), and I don't see why it wouldn't be possible to just use python code in a template system. In particular, I feel that if templates are meant to be simple, then the level of python code that would need to be employed in these templates would be of a caliber not more complicated than the current templating language. So these designer peeps wouldn't have more trouble learning that much python than they would learning the Django template language (and there's more places you can go with this knowledge of basic python as opposed to DTL) And the added advantage would be that people who already know python would be in familiar territory with all the usual syntax and power available to them and can just get going.
Am I missing something? If so I plead django noob and would love for you to enlighten me on the many merits of the current system. But otherwise, any recommendations on other template systems that may be more what I'm looking for?
The reason that most people give for limited template languages is that they don't want to mix the business logic of their application with its presentation (that wouldn't work well with the MVC philosophy; using Django I'm sure you understand the benefits of this).
Daniel Greenfeld wrote an article a few days ago explaining why he likes "stupid template languages", and many people wrote responses (see the past few days on Planet Python). If you read what Daniel wrote and how others responded to it, you'll get an idea of some of the arguments for and against allowing template languages to use Python.
Don't forget that you aren't limited to Django's template language. You're free to use whatever templating system you like in your view functions. However you want to create the HTML to return from your view function is fine. There are many templating implementations in the Python world: choose one that suits you better, and use it.
Seperation of concerns.
Designer does design. Developer does development. Templates are written by the designers.
Design and development are independent and different areas of work typically handled by different people.
I guess having template code in python would work very well if one is a developer and their spouse is a designer. Otherwise, let each do his job, with least interference.
Django templates don’t just use Python code for the same reason Django uses the MVC paradigm:
No particular reason.
(ie: The same reason anyone utilizes MVC at all, and that reason is just that certain people prefer this rigid philosophical pattern.)
In general I’d suggest you avoid Django if you don’t like things like this, because the Django people won’t be changing this approach. You could also, however, do something silly (in that it’d be contradictory to the philosophy of the chosen software), like put all the markup and anything else you can into the "view" files, turning Django from its "MVC" (or "MTV" ) paradigm into roughly what everything else is (a boring but straightforward lump).
I want to allow users to create tiny templates that I then render in Django with a predefined context. I am assuming the Django rendering is safe (I asked a question about this before), but there is still the risk of cross-site-scripting, and I'd like to prevent this. One of the main requirements of these templates is that the user should have some control over the layout of the page, not just it's semantics. I see a couple of solutions:
Allow the user to use HTML, but filter out dangerous tags manually in the final step (things like <script> and <a onclick='..'>. I'm not so enthusiastic about this option, because I'm afraid I might overlook some tags. Even then, the user could still use absolute positioning on <divs> to mess up a thing or two on the rest of the page.
Use a markup language that produces safe HTML. From what I can see, in most markup languages, I could strip any html, and then process the result. The problem with this is that most markup languages are not very powerful layout-wise. As far as I could see there is no way to center elements in Markdown, not even in ReST. The pro here is that some markup languages are well-documented, and users might already know how to use them.
Come up with some proprietary markup. The cons I see here are pretty much all implied by the word proprietary.
So, to summarize: Is there some safe and easy way to "purify" HTML — preventing xss — or is there a reasonably ubiquitous markup language that gives some control over layout and styling.
Resources:
My earlier question about Django templates
Class names in markdown.
Seeing Pekka's answer, I tried to quickly Google an HTML Purifier equivalent in Python. Here's what I came up with: Python HTML Sanitizer. At first glance, it looks pretty good to me.
There's PHP-Based HTML purifier, I have not used it myself yet but heard very good things about it. They promise a lot:
HTML Purifier is a standards-compliant
HTML filter library written in
PHP. HTML Purifier will not only remove all malicious
code (better known as XSS) with a thoroughly audited,
secure yet permissive whitelist,
it will also make sure your documents are
standards compliant, something only achievable with a
comprehensive knowledge of W3C's specifications.
Maybe it's worth a try even though it's not Python based. Update: #Matchu has found a Python based alternative that looks good too.
You'll have a lot of very difficult edge cases, though, just think about Flash embeds. Plus, malicious uses of position: absolute are extremely difficult to track down (there's position: relative that could achieve the same effect, but also be a completely legitimate layout tool.) Maybe take a look at what - for example - EBay allow, and don't allow? If anybody has the necessary experience to know what's dangerous and what isn't from millions of examples, they do.
Related resources on EBay:
HTML & JavaScript with examples
Site Interference it's unclear, though, what is just forbidden, and what gets filtered
From what I found, they don't seem to publish their internal HTML blacklists, but output an error message if forbidden code is found. (Probably a wise move on their part, but unfortunate for the purposes of this question.)
"Use a markup language that produces safe HTML."
Clearly, the only sensible approach.
"The problem with this is that most markup languages are not very powerful layout-wise."
False.
"no way to center elements in ReST."
False.
Centering is a style -- a CSS feature -- not a markup feature.
The want to center is to assign an CSS Class to a piece of text. The .. class:: directive does this.
You can also define your own interpreted text role, if that's necessary for specifying an inline class on a piece of <span> markup.
You are overlooking server side security issues. You need to be very careful that users can't use the templates import or include mechanism to access files they don't have permission to.
The bigger challenge is to prevent the template system from infinite loops and recursion. This is an obvious threat to system performance, but depending on the implementation and deployment setup, the server may never timeout. With a finite number of python threads at your disposal, repeated calls to a misbehaving template could quickly bring your site down.