# Sorry to post long entry.

On 2007-10-21 10:29 am, Anand <[EMAIL PROTECTED]> wrote:
>
> One of the goals of web.py templating system is to let untrusted
> users write templates.
> I haven't found any other templating system, which allows this.

It is able to allow untrusted users to edit template files if you can
separate presentation logics from HTML template.

It is needed to embed presentation logics into template file in
Tenjin, Mako, Templetor, and others. This is so dangerous if users
are not trusted.

But XMLC or Amritas doesn't allow anyone to embed presentation logics
in HTML template. All you can do is to add 'id' attribute into HTML
template. Presentation logics are separated from template file so you
can allow untrusted users to edit their own templates.

* XMLC (template engine for Java)
  http://xmlc.enhydra.org/
* Amrita2 (template engine for Ruby)
  http://amrita2.rubyforge.org/

The following is an example of Amrita2 (in Ruby).
This shows that no logics appear in HTML template.

table.html
--------------------
<table>
  <tr id="list" class="odd">
    <td id="item">ITEM</td>
  </tr>
  <tr id="dummy" class="even">
    <td>ITEM2</td>
  </tr>
</table>
--------------------

table.rb
--------------------
require 'rubygems'
require 'amrita2/template'
include Amrita2

## context data
list = [
  a(:class=>'odd') do {'item'=>'AAA'} end,
  a(:class=>'even') do {'item'=>'BBB'} end,
  a(:class=>'odd') do {'item'=>'CCC'} end,
]
context = { :list=>list }

## load template and render
template = TemplateFile.new('table.html')
strbuf = ''
template.expand(strbuf, context)
print strbuf
--------------------

output:
--------------------
<table>
  <tr class='odd'>
    <td>AAA</td>
  </tr><tr class='even'>
    <td>BBB</td>
  </tr><tr class='odd'>
    <td>CCC</td>
  </tr>
</table>
--------------------

Some template engines allow you to choose whether to embed
presentation logics in template file or to separate presentation
logics from template.

* Tapestry (web application framework for Java)
  http://tapestry.apache.org/
* Kwartz (template system for Ruby and PHP)
  http://www.kuwata-lab.com/kwartz/

The following is an example of Kwartz.
You can separate presentation logics from HTML template as if CSS file.

table.html:
--------------------
<table>
  <tr id="mark:list" class="odd">
    <td id="mark:item">ITEM</td>
  </tr>
  <tr id="dummy:d1" class="even">
    <td>ITEM</td>
  </tr>
</table>
--------------------

table.plogic:
--------------------
/* element which has id="mark:list" */
#list {
  attrs: 'class' klass;
  logic: {
    odd = false
    for item in list
      odd = !odd
      klass = odd ? 'odd' : 'even'
      _stag   # start tag
      _cont   # content
      _etag   # end tag
    end
  }
}

/* element which has id="mark:item" */
#item {
  value: item;
}
--------------------

Kwartz will generate template file (eRuby file).

====================
### in command-line
$ kwartz -l eruby -p table.plogic table.html > table.rhtml
$ cat table.rhtml
<table>
<% odd = false %>
<% for item in list %>
<%   odd = !odd %>
<%   klass = odd ? 'odd' : 'even' %>
  <tr class="<%= klass %>">
    <td><%= item %></td>
  </tr>
<% end %>
</table>
====================

I have not found any template engine which can separate presentation
logics from template files in Python.
All of template engines in Python (Templetor, Mako, Cheetah, Kid, Genshi,
Myghty, Django, DTML, ZPT) are needed to embed presentation logics
in template files. It means that you can't allow untrusted users to
edit their own template files.

--
makoto kuwata
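
The following Python sketch is an added example, not part of the original message and not code from Amrita2, Kwartz or web.py. It shows the id-binding approach the message describes: the untrusted template is parsed as markup and filled from trusted context data, so nothing in it is ever evaluated. The `expand` function, the `"@attr"` key convention and the rule that unbound ids are dropped are assumptions made for this illustration.

```python
import copy
import xml.etree.ElementTree as ET

# table.html from the message above, treated as untrusted input.
TEMPLATE = """<table>
  <tr id="list" class="odd">
    <td id="item">ITEM</td>
  </tr>
  <tr id="dummy" class="even">
    <td>ITEM2</td>
  </tr>
</table>"""

def expand(template, context):
    """Fill id-marked elements; the template is parsed as data, never evaluated."""
    if "<!DOCTYPE" in template.upper():
        raise ValueError("DOCTYPE not allowed")  # no entity declarations
    root = ET.fromstring(template)  # raises ParseError on <% ... %> and the like
    _fill(root, context)
    return ET.tostring(root, encoding="unicode")

def _fill(parent, context):
    for child in list(parent):
        key = child.attrib.pop("id", None)
        if key is None:
            _fill(child, context)  # unmarked element: keep it and descend
            continue
        pos = list(parent).index(child)
        parent.remove(child)
        values = context.get(key, [])  # assumption: unbound ids are dropped
        if not isinstance(values, list):
            values = [values]
        for offset, value in enumerate(values):
            node = copy.deepcopy(child)
            if isinstance(value, dict):
                for name, data in value.items():
                    if name.startswith("@"):  # hypothetical "@attr" convention
                        node.set(name[1:], str(data))
                _fill(node, value)
            else:
                for sub in list(node):
                    node.remove(sub)
                node.text = str(value)  # escaped when serialized
            parent.insert(pos + offset, node)

if __name__ == "__main__":
    rows = [{"@class": "odd", "item": "AAA"}, {"@class": "even", "item": "<b>BBB</b>"}]
    print(expand(TEMPLATE, {"list": rows}))
```

This only removes server-side logic from the template; markup the untrusted author writes, such as a `<script>` element, still passes through to the output and needs separate sanitizing before other users see it.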
