在 Pyramid 中,如何从视图返回原始 HTML?
我对 Pyramid 真的很陌生(而且对一般的 Web 框架也很陌生)。
我正在尝试进入可以从视图返回原始 HTML 的阶段,以便可以标记从 mongoDB 存储返回的数据。
我的金字塔项目中的 __init__.py 是标准的:
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
config = Configurator(root_factory = Root, settings = settings)
config.add_view('hermesweb.views.my_view',
context = 'hermesweb:resources.Root',
renderer = 'hermesweb:templates/mytemplate.pt')
config.add_static_view('static', 'hermesweb:static', cache_max_age = 3600)
views.myDB = connect() # connect to my mongoDB
我的 templates/mytemplate.pt 看起来像这样:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" xmlns:tal="http://xml.zope.org/namespaces/tal">
<head><title>My test title. . . </title></head>
<body>
<div>
<h2>Perform a search</h2>
<form method="GET" action="">
<div>
<input type="text" name="id"/>
</div>
<input type="submit" value="Submit"/>
</form>
<h2>Results</h2>
${results}
</div>
</body
<html>
最后,我的 views.py 看起来像这是:
myDB = "" # ref to the database is assigned on startup.
def my_view(request):
key = request.GET.get('id', None)
results = ""
if key:
db_res = myDB.call_some_find_function(key)
for data in db_res:
results = "%s <li> %s </li>" % (results, data)
results = "<ul> %s </ul>" % results
return {'results': results}
当我在表单中插入一个术语并且调用 my_view 函数时,会查询数据库并提取正确的结果,但是,返回的字符串不会变成网页中的 html,它在网页中作为字符串打印 反而。
我怀疑这与内容类型有关?但我还不太了解 Pyramid。有人可以解释如何让它返回被浏览器解释为 html 而不仅仅是字符串的 html 吗?
额外的问题 - 我是否应该使用 views.py 来进行这种类型的数据库调用?我仍然很困惑整个 Root 对象在哪里。我使用 MongoDB 作为数据库后端。 。 。
I'm really new to Pyramid (and pretty new to web frameworks in general).
I'm trying to get to the stage where I can return raw HTML from a view, so that I can markup data returned from my mongoDB store.
My __init__.py in my pyramid project is standard:
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
config = Configurator(root_factory = Root, settings = settings)
config.add_view('hermesweb.views.my_view',
context = 'hermesweb:resources.Root',
renderer = 'hermesweb:templates/mytemplate.pt')
config.add_static_view('static', 'hermesweb:static', cache_max_age = 3600)
views.myDB = connect() # connect to my mongoDB
My templates/mytemplate.pt looks like this:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" xmlns:tal="http://xml.zope.org/namespaces/tal">
<head><title>My test title. . . </title></head>
<body>
<div>
<h2>Perform a search</h2>
<form method="GET" action="">
<div>
<input type="text" name="id"/>
</div>
<input type="submit" value="Submit"/>
</form>
<h2>Results</h2>
${results}
</div>
</body
<html>
Finally, my views.py looks like this:
myDB = "" # ref to the database is assigned on startup.
def my_view(request):
key = request.GET.get('id', None)
results = ""
if key:
db_res = myDB.call_some_find_function(key)
for data in db_res:
results = "%s <li> %s </li>" % (results, data)
results = "<ul> %s </ul>" % results
return {'results': results}
When I insert a term into the form and the my_view function gets called the database is queried and the correct results get pulled out, however, rather than the string being returned turning into html in the webpage, it is printed as a string in the web-page instead.
I suspect this is something to do with the content type? But I don't really understand Pyramid well enough yet. Can someone explain how to get this to return html that is interpreted by the browser as html, rather than just a string?
Extra question - should I be even using the views.py for this type of database call? I'm still confused where the whole Root object comes into it. I'm using MongoDB as the database backend. . .
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
为了防止 Chameleon 转义
${result}变量,您需要使用${struct: result},按照文档:http://chameleon.readthedocs.org/en/latest/reference.html#structTo prevent Chameleon from escaping the
${result}variable, you need to use${structure: result}, as per the documentation: http://chameleon.readthedocs.org/en/latest/reference.html#structure该字符串正在被转义,这是插入到模板中的字符串的默认设置,以防止恶意代码被注入到您的网站中。要将字符串标记为安全,您需要将其标记为文字,这样它就不会被转义。我相信金字塔(如塔楼)随 webhelpers 模块一起提供,因此您可以导入文字函数:
然后将最终结果分配替换为:
如果我怀疑文字没有随金字塔一起提供,请参阅这篇文章:
Python 金字塔 & Chameleon 模板语言转义 html
编辑:请注意,为了安全起见,在将数据输入到 html 之前,您可能应该从数据库中转义数据。您可以使用
cgi.escape来实现此目的。The string is being escaped, which is the default for strings inserted into templates to prevent naughty code being injected into your site. To mark the string as safe, you'll want to mark it as a literal so it's not escaped. I believe that pyramid (like pylons) ships with the webhelpers module, so you can import the literal function:
then replace your final results assignment with:
If literal doesn't ship with pyramid as I suspect, see this post:
Python Pyramid & Chameleon templating language escapes html
edit: note that you should probably be escaping your data from your db before you input it into the html for safety's sake. You can use
cgi.escapefor this.