Very newbie question, but please be gentle with me. Our site uses Django CMS and we're trying to insert some javascript into particular stories, but it appears Django is stripping out any javascript or iframes we put in there as soon as we save the story. How do we allow javascript to be used in stories? Is it being deliberately excluded, or do we need to code this function into the site?
Any help would be incredibly appreciated.
Django is probably automatically escaping the content the javascript / html as the template renders the content. It does this for security purposes.
The solution depends on which version of django you're running, whether you'll be rendering any content from untrusted sources, how the templates are put together and perhaps the view that prepares the content for the template.
Django doesn't strip out javascript, because it is client side agnostic.
How are you inserting javascript into your website? If you are trying to put it into database (like ) it will escaped.
Read through the docs on automatic HTML escaping:
http://docs.djangoproject.com/en/1.1/topics/templates/#id2
Related
I have a Python web app that uses Flask and Django (among other things). The app currently routes to quite a few HTML pages. A few of those HTML pages are forms that post to PHP files where the data is submitted to a db.
When launching with VSCode, all python and HTML files work great but the PHP file doesn't execute and obviously doesn't submit the data to the db. Conversely, when running the HTML/PHP files directly in Chrome, the data is submitted but the HTML form is no longer dynamic and the templates aren't successfully extended to the HTML file.
Is this goal even achievable? Should the PHP document be translated to a different language?
You've got two questions here- is it doable, and should you do it. The answer to the first is yes, it absolutely is doable- but the answer to the second is that you should not do it as it will be a maintenance nightmare and will introduce complexities into the system that you're probably going to want to avoid.
I´m new to web dev,
and I was wondering if it´s possible to make a website, that just need to present information of a company (HTML), in just one view.
Like rendering the entire bootstrap in one view.
Yes, you can serve your HTML code through a TemplateView.
So if your entire single page application sits in home.html you could definitely do this. But there is no point in using Django for only that purpose. You would rather want to serve your static HTML page from a classic web server like nginx or apache.
I don't know why would you want to do that.
You can use different html files which will be served as your website templates. You can also extend the files using a simple base.html file. This will help you if you want to open other links when people click on different links on the website.
See this example: https://github.com/singh1114/Djangosite/tree/master/duggal/webportal/templates/webportal.
For using this you have to know more about views and urls.
For making scrollable things, you need to know the concept of ids in HTML.
For example
http://yoursite.com/#your_name will try to find id your_name in the HTML. This way you can create scrollable things.
I'm switching to Pyramid from Apache/PHP/Smarty/Dreamweaver scheme.
I mean the situation of having static site in Apache with menu realized via Dreamweaver template or other static tools. And then if I wanted to put some dynamic content in html I could make the following:
Put smarty templates in html.
Create php behind html with same name. Php takes html as template.
Change links from html to php.
And that was all.
This scheme is convenient because the site is viewable in browser and editable
in Dreamweaver.
How can I reproduce this scheme in Pyramid?
There are separate dirs for templates and static content. Plus all this myapp:static modifiers in hrefs. Where to look up?
Thank you for your advices.
There is no smarty port for Python. So you would have to start using another template syntax, such as mako or chameleon
To do this, you would setup your view_config to respond to the url, end tell it to use the corresponding template.
If you want to do this, you would simple change your code. But this is not necessary, pyramid will process your requests, whether the url contains .html, .php, .python, /, or whatever.
You could still edit the templates in Dreamweaver I guess.
Only really static pages would be linked using static_url. If it is html that you mean to make into a template, it might be easiest to just start of with a template right away, without any dynamic content in it.
This is from the URL dispatch tutorial:
# in views.py
#view_config(route_name='view_page', renderer='templates/view.pt')
def view_page(request):
return {}
# in __init__.py
config.add_route('view_page', 'mypage.html')
You can build a small web application which uses traversal to serve html documents from a directory. Here's more explanations about how traversal works.
Then you can programmatically render those documents as Chameleon templates, using PageTemplateFile for example. This would allow you to include, say, common header/footer/navigation into every page.
This would mean that every page in your site will be in fact dynamic, so that would incur a small performance penalty for every page regardless of whether it has dynamic content or not, but you should not be concerned with this unless you're building the next Facebook. :) However, this approach would allow you to have a plain html document corresponding to every page in your website which you'll be able to edit using Dreamweaver or any other editor.
This is somewhat a different answer than ohters but here is a completely different flow.
Write all your pages in html. Everything!!! and then use something like angularjs or knockoutjs to add dynamic content. Pyramid will serve dynamic content requested using ajax.
You can then map everything to you html templates... edit those templates wherever you want since they are simply html files.
The downside is that making it work altogether isn't that simple at first.
This question already has answers here:
How can you tell if a site has been made with Django?
(7 answers)
Closed last year.
I actually have some questions (real childish).
1) If I know that a website has been developed using django , can we determine from the html source code (by right clicking and choosing "view page source ") , if that website has been developed using django?
2) If I have an HTML code for website written in HTML , and I just want to present it like that using django , how can present this HTML code using django?
3) For what kind of websites , should django be used or are used for ? I mean pure static page , blogs , or a simple google like .
Thanks in advance
Here are a few things you could use to determine if a web app was written in Django. None of these are foolproof by any means, but they could be indicators.
Try http://site.com/admin/ and see if it says "Django site admin" at the top.
Inspect all of the HTML source code of every form you can find on the site, and see if any contain an input tag with name='csrfmiddlewaretoken'. csrfmiddlewaretoken is Django's CSRF token identifier. Other web frameworks may use this same name, but Django is the predominant user of it.
Find information about the site owner and/or developer from a "Contact" page, Google their usernames/emails as well as the word "Django," such as "emailname#gmail.com django". If you see posts or questions about Django, this could possibly mean they use it often.
If all else fails, simply contact the site owner and ask them.
No, the source depends completely on the person who developed it, and there are no necessary "hints" that it was written in Django.
You should at least try the Django tutorial at https://www.djangoproject.com/, you'll learn the basics of setting up a Django application, and you'll answer your own question.
Django is pretty general purpose, a bit overkill for static pages. Anything else can be done in Django, the same way it can be done in Ruby on Rails or other Web frameworks.
Well, what you should do is to test the website behaviour in an unusal stiatuation, for example forcing it to return 404 or 500 error message, which developers often forget to customize.
If you for example go to http://www.galaxyzoo.org/ and then try to determine backend just by looking at HTML, you'll fail.
If, however, you try to access a page 'blablablabla' i.e. http://www.galaxyzoo.org/blablablabla then you'll see 404 message. If you paste the entrie text into google, you'll most likely get hits to Ruby On Rails... :)
Django leaves no trace on the html source unless you specifically do. If you only want a static site, django is overkill. Though if you really want to, have a look at django flatpages.
You could possibly try www.domainname.com/admin. Some people leave their admin at that url and you can see the login page.
If they left the login page as default, the title tag will say Login | Django site admin or something like that.
For example: http://www.snowbird.com/admin/ (no affiliation)
No.
Yes. See direct_to_template
See djangosites.org
I was not able to come up with a better title for this post, so if anybody does not find it appropriate , please go ahead and edit it.
I am using flask as my python framework, and normally I render templates doing somnething like the below:-
#app.route('/home')
def userhome():
data=go get user details from the database
return render_template("home.html",userdata=data)
Now I have a template name home.html in which I iterate over the values of "userdata" like userdata.name, userdata.age etc and these values take their appropriate spaces in the template.
However I am working on an application in which navigation is via ajax and no fall back if javascript is not available(basically the app does not work for ppl without javascript).
The navigation menu has say few tabs on the left ,(home,youroffers,yourlastreads). The right column is supposed to dynamically change based on what the user clicks.
I am unable to understand how I handle templating here. Based on what the user clicks I can send him the required data from the db via a json through an xhrGET or xhrPOST.Does the entire templating have to be handled at the server end and then transfer the entire template via an ajax call. I actually dont like that idea much. Would be great if someone could point me in the right direction here.
Now in the page that is loaded via ajax , there are some scripts which are present. Will these scripts work, if loaded via ajax.
You have two options: template on the server, or template in the browser.
To template in the server, you create an endpoint much like you already have, except the template only creates a portion of the page. Then you hit the URL with an Ajax call, and insert the returned HTML somewhere into your page.
To template in the browser, your endpoint creates a JSON response. Then a Javascript templating library can take that JSON, create HTML from it, and insert it into the page. There are lots of jQuery templating solutions, for example.
I would choose server side templating, because unless you find a JS library that handles the same templating language your code isn't going go be DRY.
In the home.html template, I'd do something like
<%extends base.html%>
<%include _user_details.html%>
... <% footer and other stuff%>
And keep the actual markup in _user_details.html. This way, for an AJAX request you just render the _user_details.html partial only.