Web2py template is the best you have out there. You will be silly to look
for something else. My opinion.
On Monday, March 23, 2015 at 11:05:19 PM UTC-4, Massimo Di Pierro wrote:
>
> Yes. The sandbox prevents the code in templates from accessing the file
> system. What I am saying is that it is not the only problem you can have
> with templates and developers should check the code no matter what. A
> template could include, for example, code that allows the designer to steal
> credentials from other users.
>
> Checking templates is easy. Just print all the strings in between {{...}}
> and see if they do something funny like opening files. Takes a second to
> check.
>
> web2py templates work within the specs and are very fast. If you have any
> problem with them, please let us know and we can help with the syntax.
>
> Anyway, this is a matter of taste. You may find this code useful:
>
> https://gist.github.com/mdipierro/9459290
>
> It converts a jinja2 template to a web2py template. There may be
> exceptions.
>
> Massimo
>
>
> On Monday, 23 March 2015 19:10:24 UTC-5, Robin Manoli wrote:
>>
>> Doesn't it sandbox designers from accessing the files from the web2py
>> file system? The subset is a feature in this case, even if it's not a
>> complete security fix. (I would appreciate some example of those javascript
>> issues).
>>
>> I've also had trouble with nesting blocks (from different files) in
>> web2py templates, as well as including views based on variable names. Even
>> if it's fixable, those things are smoother with jinja.
>>
>> The main reason I'm using jinja is still the sandboxing. If web2py would
>> allow me to choose which python functions of the app are available for
>> designers, I'd probably stick to web2py templates. On the other hand there are
>> some nice features of jinja that are not written in web2py, even if they
>> can be.
>>
>> Also, I'm still wondering about the bytecode issue? Does bytecoding
>> require to use web2py-style templates? Or have trouble with external
>> modules? Or can you still bytecode the app for speed, but without
>> bytecoding the templates? Does it matter if the controller renders a view,
>> or does bytecode have any value if a controller returns a string?
>>
>> Thanks for your help,
>> - Robin
>>
>> On Monday, 23 March 2015 at 18:54:54 UTC+1, Massimo Di Pierro wrote:
>>>
>>> You can use jinja2 with web2py. I do not endorse it but you can, like
>>> you can use any template engine. Just replace
>>>
>>> def index():
>>>     return dict(a=1,b=2)
>>>
>>> with
>>>
>>> from jinja2 import Environment, PackageLoader
>>>
>>> def index():
>>>     env = Environment(loader=PackageLoader('yourapplication',
>>>                                            'templates'))
>>>     j2 = env.get_template('mytemplate.html')
>>>     return j2.render(a=1,b=2)
>>>
>>> mind that jinja2 is not smart enough to figure out web2py helpers and
>>> forms so if you have
>>>
>>> form = SQLFORM(...) # or other helper
>>> return dict(form = form)
>>>
>>> you will have to do
>>>
>>> form = SQLFORM(...) # or other helper
>>> return j2.render(form = form.xml())
>>>
>>> Anyway. I do not buy the argument that this sandboxes developers. Lots
>>> of damage can be done with JS code alone and this does not sandbox that.
>>> Moreover you are crippling your developers for a false sense of security.
>>> You simply need a policy about what one can do in templates and a review
>>> process to make sure policy was followed.
>>>
>>> The jinja2 template can be thought of as a subset of the web2py template
>>> set. There is nothing that jinja2 can do that web2py templates cannot do
>>> already. The opposite is not true.
>>>
>>> Massimo
>>>
>>> On Saturday, 9 June 2012 01:35:04 UTC-5, kirpit wrote:
>>>>
>>>> Actually not, if you don't want your designers to run pure python and
>>>> sandbox their templates.
>>>>
>>>> On Saturday, June 9, 2012 2:02:51 PM UTC+10, pbreit wrote:
>>>>>
>>>>> Using Jinja2 in Web2py seems like a very bad idea unless 1) you have
>>>>> lots of content already in Jinja2 or 2) you are doing it purely as an
>>>>> exercise.
>>>>>
>>>>>
>>>>> On Friday, June 8, 2012 8:18:59 PM UTC-7, Massimo Di Pierro wrote:
>>>>>>
>>>>>> :-)
>>>>>>
>>>>>> On Friday, 8 June 2012 13:04:43 UTC-5, kirpit wrote:
>>>>>>>
>>>>>>> Since this discussion comes as the first result of "web2py jinja2"
>>>>>>> searches, there you go a simple integration:
>>>>>>>
>>>>>>> https://github.com/kirpit/web2jinja
>>>>>>>
>>>>>>> Cheers,
>>>>>>> kirpit
>>>>>>>
>>>>>>>
>>>>>>> On Wednesday, January 27, 2010 1:24:53 PM UTC+11, Alexandre wrote:
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I want to replace web2py's template engine with Jinja 2
>>>>>>>> <http://jinja.pocoo.org/2/>, anyone has some experience doing
>>>>>>>> something similar? I'm trying to assign response._caller with a custom
>>>>>>>> function, but I'm not having much success, is that the right way?
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Alexandre Rosenfeld
>>>>>>>>
>>>>>>>> Eng Comp 06 - USP São Carlos
>>>>>>>> FoG - http://fog.icmc.usp.br
>>>>>>>> IM Team - AIESEC
>>>>>>>>
>>>>>>>
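
Added example (not part of the thread, and not code from web2py or from any poster): one way to do the check Massimo describes above, listing the {{...}} blocks of a view and flagging the ones that touch files, imports or dynamic code. The SUSPICIOUS name list, the function names and the sample view are assumptions made up for this illustration.

```python
import ast
import re

# web2py views put Python between {{ and }}; DOTALL covers multi-line blocks.
BLOCK_RE = re.compile(r"\{\{(.*?)\}\}", re.DOTALL)
# Assumed review policy for this example, not a list shipped with web2py.
SUSPICIOUS = {"import", "open", "exec", "eval", "execfile", "compile",
              "__import__", "os", "sys", "subprocess", "shutil", "socket"}

def names_in(code):
    """Return the identifiers used by one template block."""
    code = code.strip().lstrip("=").strip()   # {{=expr}} is an output block
    if code.endswith(":"):
        code += " pass"                       # give for/if headers a body
    try:
        tree = ast.parse(code)
    except SyntaxError:
        # Directives (extend, block) and fragments (else:) are not valid
        # Python on their own, so fall back to a plain identifier scan.
        return set(re.findall(r"[A-Za-z_]\w*", code))
    found = set()
    for node in ast.walk(tree):
        if isinstance(node, (ast.Name, ast.Attribute)):
            found.add(getattr(node, "id", None) or node.attr)
        elif isinstance(node, (ast.Import, ast.ImportFrom)):
            found.add("import")
            found.update(a.name.split(".")[0] for a in node.names)
    return found

def audit(template_text):
    """Return (line, block source, flagged names) for blocks needing review."""
    findings = []
    for m in BLOCK_RE.finditer(template_text):
        flagged = sorted(names_in(m.group(1)) & SUSPICIOUS)
        if flagged:
            line = template_text.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(1).strip(), flagged))
    return findings

# Constructed sample view, not taken from a real application.
SAMPLE_VIEW = """{{extend 'layout.html'}}
<h1>{{=title}}</h1>
{{for row in rows:}}<li>{{=row.name}}</li>{{pass}}
{{import os}}
<pre>{{=open('example.txt').read()}}</pre>
"""

if __name__ == "__main__":
    print(audit(SAMPLE_VIEW))
```

A name list like this is a review aid, not a sandbox: it shortens the list of blocks a person has to read, and the unflagged blocks still fall under whatever template policy the team has agreed on.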