web2py was written by a college professor to teach web development on a tight schedule. he didn't like the existing ones that took too long to get a Hello World thing up and running. "pick a db engine" is not something that needs to be part of the 2 hours of class time this week.
but, it is targeting web development, not Python. And I am pretty sure it wants functions and a few other stated requirements. The only reason I bring it up is it may be a better fit that any of the other proposed ideas, and its install really is: http://www.web2py.com/init/default/download "After download, unzip it and click on web2py.exe (windows) or web2py.app (osx). To run from source, type: python2.7 web2py.py" (I guess Linux users are good with "run from source") I can confirm it works, but I have never done anything real, but I know people who have, so I would not be afraid of it. OTOH, it may not be the solution you are looking for, and that's fine. On Mon, Apr 2, 2018 at 3:20 PM, Andrew Harrington <ahar...@luc.edu> wrote: > Bottle sound like it makes things very simple. > I also have a chapter introducing server-side Python interaction in very > simple cases. > http://anh.cs.luc.edu/python/hands-on/3.1/handsonHtml/ch4.html > It does come well after function introduction. > > Dr. Andrew N. Harrington > Computer Science Department > Graduate Program Director g...@cs.luc.edu > Loyola University Chicago > 207 Doyle Center, 1052 W Loyola Ave. > http://www.cs.luc.edu/~anh > Phone: 773-508-3569 > Dept. Fax: 773-508-3739 > ahar...@luc.edu (as professor, not gpd role) > > On Sat, Mar 31, 2018 at 8:20 PM, Wes Turner <wes.tur...@gmail.com> wrote: >> >> Web programming is fun but dangerous. >> Things as simple as 'it reads a file off the disk and sends it to the >> user' can unintentionally expose every readable file to whoever or whatever >> can access localhost. >> >> ```python >> os.path.join('here', '/etc/shadow') >> path = 'here/' + '../../../../etc/shadow' >> ``` >> >> All of the examples in this thread are susceptible to XSS (Cross Site >> Scripting) and CSRF (Cross-site Request Forgery). Don't feel bad; many >> college web programming courses teach dangerous methods, too. >> >> XSS: >> ``` >> x = """</body><script>alert('download_mining_script()')</script>""" >> return f'<html><body>{x}' >> """ >> >> Bottle has multiple templating engines which escape user-supplied input >> (in order to maintain a separation between data and code). >> >> Like XSS, SQLi is also a 'code injection' issue. pypi:Records can use >> SQLAlchemy. Django is a great framework with a built-in ORM that also >> escapes SQL queries. >> >> CSRF: >> - X posts an XSS to site A that POSTs to site B >> - 100 users view site A >> - [...] >> >> http://bottle-utils.readthedocs.io/en/latest/csrf.html >> >> https://bottlepy.org/docs/dev/tutorial.html#html-form-handling >> >> OWASP has a lot of information on WebSec: >> >> OWASP Top 10 >> https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project >> >> The OWASP Vulnerable Web Applications Directory Project (VWAD) >> https://github.com/OWASP/OWASP-VWAD >> >> Any program or user on the system can read and write to localhost. >> >> >> On Saturday, March 31, 2018, Wes Turner <wes.tur...@gmail.com> wrote: >>> >>> Bottle is a single file web microframework. >>> >>> https://github.com/bottlepy/bottle >>> https://github.com/bottlepy/bottle/blob/master/bottle.py >>> >>> > Example: "Hello World" in a bottle >>> >>> ```python >>> from bottle import route, run, template >>> >>> @route('/hello/<name>') >>> def index(name): >>> return template('<b>Hello {{name}}</b>!', >>> name=name) >>> >>> run(host='localhost', port=8080) >>> ``` >>> >>> There are docs and every function is Ctrl-F'able within bottle.py. >>> >>> On Friday, March 30, 2018, kirby urner <kirby.ur...@gmail.com> wrote: >>>> >>>> >>>> Very interesting. I note that free users are relegated to Python 2.7 >>>> >>>> Server modules can be Python 3.6 (outside the free version) >>>> >>>> Client stuff compiles to JavaScript and is approximately 2.7 >>>> >>>> That's a bit confusing maybe. I try to avoid 2.7 but that's not easy. >>>> >>>> In my Coding with Kids work, we use Codesters.com to teach Python, which >>>> depends on Skulpt. Also 2.x ish. >>>> >>>> Kirby >>>> >>>> >>>> >>>> On Fri, Mar 30, 2018 at 11:49 AM, Jason Blum <jason.b...@gmail.com> >>>> wrote: >>>>> >>>>> http://anvil.works/ is a pretty interesting approach to Python web >>>>> applications. >>>>> >>>>> On Fri, Mar 30, 2018 at 2:05 PM, kirby urner <kirby.ur...@gmail.com> >>>>> wrote: >>>>>> >>>>>> >>>>>> Hi Aivar -- >>>>>> >>>>>> I think it's a fine idea to write simple Python scripts that write >>>>>> HTML files, which you may then pull up in the browser. >>>>>> >>>>>> There's no need to put a server behind static web pages. So, for >>>>>> example, I'll have my students write a page of bookmarks: >>>>>> >>>>>> # -*- coding: utf-8 -*- >>>>>> """ >>>>>> Created on Wed Nov 4 18:02:30 2015 >>>>>> >>>>>> @author: Kirby Urner >>>>>> """ >>>>>> >>>>>> # tuple of tuples >>>>>> bookmarks = ( >>>>>> ("Anaconda.org", "http://anaconda.org"), >>>>>> ("Python.org", "http://python.org"), >>>>>> ("Python Docs", "https://docs.python.org/3/"), >>>>>> ("Spaghetti Code", "http://c2.com/cgi/wiki?SpaghettiCode"), >>>>>> ("Structured Programming", >>>>>> "http://c2.com/cgi/wiki?StructuredProgramming"), >>>>>> ("Map of Languages", >>>>>> "http://archive.oreilly.com/pub/a/oreilly//news/languageposter_0504.html"), >>>>>> ("XKCD", "http://xkcd.com"), >>>>>> ) >>>>>> >>>>>> page = '''\ >>>>>> <!DOCTYPE HTML> >>>>>> {} >>>>>> ''' >>>>>> >>>>>> html = """\ >>>>>> <HTML> >>>>>> <HEAD> >>>>>> <TITLE>Bookmarks for Python</TITLE> >>>>>> </HEAD> >>>>>> <BODY> >>>>>> <H3>Bookmarks</H3> >>>>>> <BR /> >>>>>> <UL> >>>>>> {} >>>>>> </UL> >>>>>> </BODY> >>>>>> </HTML> >>>>>> """.lower() >>>>>> >>>>>> the_body = "" >>>>>> for place, url in bookmarks: >>>>>> the_body += "<li><a href='{}'>{}</a></li>\n".format(url, place) >>>>>> >>>>>> webpage = open("links.html", "w") >>>>>> print(page.format(html.format(the_body)), file=webpage) >>>>>> webpage.close() >>>>>> >>>>>> All you need add to your example is using print() to save to a file, >>>>>> so the browser has something to open. >>>>>> >>>>>> I would not call this a "web app" yet it's instructive in showing how >>>>>> Python can write HTML files. >>>>>> >>>>>> Kirby >>>>>> >>>>>> >>>>>> >>>>>> On Wed, Mar 28, 2018 at 12:18 AM, Aivar Annamaa <aivar.anna...@ut.ee> >>>>>> wrote: >>>>>>> >>>>>>> Hi! >>>>>>> >>>>>>> Let's say my students are able to write programs like this: >>>>>>> >>>>>>> name = input("name") >>>>>>> >>>>>>> if name == "Pete": >>>>>>> greeting = "Hi" >>>>>>> else: >>>>>>> greeting = "Hello!" >>>>>>> >>>>>>> print(f""" >>>>>>> <html> >>>>>>> <body> >>>>>>> {greeting} {name}! >>>>>>> </body> >>>>>>> </html> >>>>>>> """) >>>>>>> >>>>>>> I'd like to allow them start writing web-apps without introducing >>>>>>> functions first (most web-frameworks require functions). >>>>>>> >>>>>>> It occurred to me that it's not hard to create a wrapper, which >>>>>>> presents this code as a web-app (input would be patched to look up GET >>>>>>> or >>>>>>> POST parameters with given name). >>>>>>> >>>>>>> This approach would allow simple debugging of the code on local >>>>>>> machine and no extra libraries are required in this phase. >>>>>>> >>>>>>> Any opinions on this? Has this been tried before? >>>>>>> >>>>>>> best regards, >>>>>>> Aivar >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Edu-sig mailing list >>>>>>> Edu-sig@python.org >>>>>>> https://mail.python.org/mailman/listinfo/edu-sig >>>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Edu-sig mailing list >>>>>> Edu-sig@python.org >>>>>> https://mail.python.org/mailman/listinfo/edu-sig >>>>>> >>>>> >>>> > > > _______________________________________________ > Edu-sig mailing list > Edu-sig@python.org > https://mail.python.org/mailman/listinfo/edu-sig > _______________________________________________ Edu-sig mailing list Edu-sig@python.org https://mail.python.org/mailman/listinfo/edu-sig