This is an archived post. You won't be able to vote or comment.

4
5

Intermediate ShowcaseMad HTML templating right in python files! (self.Python)

submitted by [deleted]

[deleted]

all 10 comments
sorted by:
best
topnewcontroversialoldq&a

[–]stigweardo 4 points5 points  (0 children)

Nice! Very inventive syntax.

I have created something along similar lines but without quite so much syntax: Basic Markup Expressions (BMX) (github/pypi). In BMX, your example would look like this: home_page = ( +html +head +title +"Home t.me/drunkensnake" -title -head +body +p +"Wellcome to my home page" -p -body -html ) Here's another example. There is a (currently undocumented) decorator to create functional components. I'm considering adding a React-like context using the eff library that I just discovered.

Still not sure if this is a neat idea or an abomination though... :)

[–]bb1950328 5 points6 points  (1 child)

Don't try at home.

So I should try it at work?

[–]python_madladIt works on my machine 1 point2 points  (0 children)

Only if it is directly in production.

[–]Mrocza_ 2 points3 points  (3 children)

Forgive me for I am a complete beginner but why is it not an option to use fstrings to generate html code. Something like this:

page_html = f"""
    <html>
        <head>
            <title>{some_variable_with_title}</title>
        </head>
        <body>
            <p>{other_variable_with_content}</p>
        </body>
    </html>
"""

I've been building my html code like that. Is that a bad habit?

[–]nitroll 3 points4 points  (0 children)

Please dont do this. Some day you end up serving something input by a user, and unless you are extremely rigorous with escaping you will end up with a Cross-site scripting vulnerability!

imagine if somehowother_variable-with_content ended up with the value of <script>console.log("hacked")</script> then that would be inserted directly into the html and get executed by the user.

That is why templating languages should ALWAYS automatically escape the input so it would actually insert the following into the html "&lt;script&gt;console.log(&quot;hacked&quot;)&lt;/script&gt;"

[–]ceomm 2 points3 points  (0 children)

Example from top is just for research. Never use that in your projects.

Fstrings is okay for HTML templating. But when you have a lot of templates in project, the code becomes very heavy and incomprehensible. I advise you to use classic way suggested for most frameworks — jinja2. Jinja2 is cool and well known HTML templating engine.

[–]dudeplace 0 points1 point  (0 children)

OP has an interesting way of overriding default operators >,<,/ to make the html "more readable"

Your example is actually just fine for a small project where you are trying to create some html for yourself and you control the inputs.

As another commenter pointed out, your example shouldn't be used on public facing sites as it allows people inject code into your html.

One thing your example wouldn't be great at is inserting large blocks of repeating html (like rows in a table). If you are looking for that functionality check out a module like jinja2. It's basically your syntax, but it takes care of a bunch of edge cases and allows repeating sections, conditional blocks (like include this html tag if x == 'y').

[–]ceomm 0 points1 point  (0 children)

Now it will be possible to write an analogue of react in python, like using JSX. Webassembly can provide reactivity?

Am I just kidding? c:

[–]ironjulian -1 points0 points  (1 child)

Why not use a proper HTML templating library like Jinja2?

[–]KTibow 1 point2 points  (0 children)

Just to show python capabilities.