Doesn't it sandbox designers from accessing the files from the web2py file
system? The subset is a feature in this case, even if it's not a complete
security fix. (I would appreciate some example of those javascript issues).
I've also had trouble with nesting blocks (from different files) in web2py
templates, as well as including views based on variable names. Even if it's
fixable, those things are smoother with jinja.
The main reason I'm using jinja is still the sandboxing. If web2py would
allow me to choose what python functions of the app that is available for
designers, I'd probably stick to web2py templates. On the hand there are
some nice features of jinja that are not written in web2py, even if they
can be.
Also, I'm still wondering about the bytecode issue? Does bytecoding require
to use web2py-style templates? Or have trouble with external modules? Or
can you still bytecode the app for speed, but without bytecoding the
templates? Does it matter if the controller renders a view, or does
bytecode have any value if a controller returns a string?
Thanks for your help,
- Robin
Den måndag 23 mars 2015 kl. 18:54:54 UTC+1 skrev Massimo Di Pierro:
>
> You can use jinja2 with web2py. I do not endorse it but you can, like you
> can use any template engine. Just replace
>
> def index():
> return dict(a=1,b=2)
>
> with
>
> from jinja2 import Environment, PackageLoader
>
> def index():
> env = Environment(loader=PackageLoader('yourapplication',
> 'templates'))
> j2 = env.get_template('mytemplate.html')
> return j2.render(a=1,b=2)
>
> mind that jinja2 is not smart enough to figure out web2py helpers and
> forms so if you have
>
> form = SQLFORM(...) # or other helper
> return dict(form = form)
>
> you will have to do
>
> form = SQLFORM(...) # or other helper
> return j2.render(form = form.xml())
>
> Anyway. I do not buy the argument that this sandboxes developers. Lots of
> damage can be done with JS code alone and this does not sandbox that.
> Moreover you are crippling your developers for a false sense of security.
> You simply need a policy about what can do in templates and a review
> process to make policy was followed.
>
> The jinja2 template can be thought of a subset of the web2py template set.
> There is nothing that jinja2 can do that web2py templates cannot do
> already. The opposite is not true.
>
> Massimo
>
> On Saturday, 9 June 2012 01:35:04 UTC-5, kirpit wrote:
>>
>> Actually not, if you don't want your designers to run pure python and
>> sandbox their templates.
>>
>> On Saturday, June 9, 2012 2:02:51 PM UTC+10, pbreit wrote:
>>>
>>> Using Jinja2 in Web2py seems like a very bad idea unless 1) you have
>>> lots of content already in Jinja2 or 2) you are doing it purely as an
>>> exercise.
>>>
>>>
>>> On Friday, June 8, 2012 8:18:59 PM UTC-7, Massimo Di Pierro wrote:
>>>>
>>>> :-)
>>>>
>>>> On Friday, 8 June 2012 13:04:43 UTC-5, kirpit wrote:
>>>>>
>>>>> Since this discussion comes as the first result of "web2py jinja2"
>>>>> searches, there you go a simple integration:
>>>>>
>>>>> https://github.com/kirpit/web2jinja
>>>>>
>>>>> Cheers,
>>>>> kirpit
>>>>>
>>>>>
>>>>> On Wednesday, January 27, 2010 1:24:53 PM UTC+11, Alexandre wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I want to replace web2py's template engine with Jinja 2
>>>>>> <http://jinja.pocoo.org/2/>, anyone has some experience doing
>>>>>> something similar? I'm trying to assign response._caller with a custom
>>>>>> function, but I'm not having much success, is that the right way?
>>>>>>
>>>>>> Thanks,
>>>>>> Alexandre Rosenfeld
>>>>>>
>>>>>> Eng Comp 06 - USP São Carlos
>>>>>> FoG - http://fog.icmc.usp.br
>>>>>> IM Team - AIESEC
>>>>>>
>>>>>
>>>>> On Wednesday, January 27, 2010 1:24:53 PM UTC+11, Alexandre wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I want to replace web2py's template engine with Jinja 2
>>>>>> <http://jinja.pocoo.org/2/>, anyone has some experience doing
>>>>>> something similar? I'm trying to assign response._caller with a custom
>>>>>> function, but I'm not having much success, is that the right way?
>>>>>>
>>>>>> Thanks,
>>>>>> Alexandre Rosenfeld
>>>>>>
>>>>>> Eng Comp 06 - USP São Carlos
>>>>>> FoG - http://fog.icmc.usp.br
>>>>>> IM Team - AIESEC
>>>>>>
>>>>>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
