Django_template
The Django template language
A template is a simple text file that can generate any text-based format (HTML, XML, CSV). Templates contain variables, which are replaced with values when the template is rendered.
For example:
{% extends "base_generic.html" %}
{% block title %}{{ section.title }}{% endblock %}
{% block content %} ... {% endblock %}
Variables
{{ variable }}
A variable has the form shown above. When the template engine encounters a variable, it evaluates it and replaces it with the result. Use a dot (.) to access the attributes of a variable: {{ section.title }} outputs the title attribute of the section object. If a variable does not exist, the template system inserts the value of TEMPLATE_STRING_IF_INVALID, which defaults to '' (the empty string).
Note that bar in an expression such as {{ foo.bar }} is treated as a literal string; the value of a variable named bar is not used in its place.
Filters
Filters modify variables for display. {{ name|lower }} outputs the value of the name variable converted to lowercase.
Filters can be chained: {{ text|escape|linebreaks }}
Filters can also take arguments: {{ bio|truncatewords:30 }} outputs the first 30 words of the bio variable.
Arguments that contain spaces must be enclosed in quotation marks. For example, to join a list with a comma and a space: {{ list|join:", " }}
- default: if the variable is false or empty, the given default is used, such as:
{{ value|default:"nothing" }}
- length: returns the length of the value; it works on both lists and strings
- filesizeformat: formats a numeric value as a human-readable file size in units such as KB or MB, such as:
{{ 123456789|filesizeformat }}
which outputs 117.7 MB
Tags
{% tag %}
Tags are more complex than variables: some generate text in the output, some control flow with logic and loops, and some load external information into the template for later variables to use.
Some tags require both a start and an end tag, in the form {% tag %} ... tag contents ... {% endtag %}
The for tag, which loops over each athlete in a list, is one that has both a start and an end tag.
The if tag can be used with filters and some operators:
{% if athlete_list|length > 1 %}
Team: {% for athlete in athlete_list %} ... {% endfor %}
{% else %}
Athlete: {{ athlete_list.0.name }}
{% endif %}
Comments
{# #}
For example, {# greeting #}hello
renders only: hello
Template inheritance
This is the most powerful, and most complex, part of the Django template system. It lets us build a skeleton template that contains the common elements of the site, and then define child templates that override parts of it. base.html:
<!DOCTYPE html>
A child template:
{% extends "base.html" %}
{% block title %}My amazing blog{% endblock %}
{% block content %}{% for entry in blog_entries %} ... {% endfor %}{% endblock %}
Here the extends tag indicates that this template extends the base template. The template engine finds the block tags in base.html and replaces them with the contents of the matching blocks in the child template, producing output like this:
<!DOCTYPE html>
Notes:
- If you use the extends tag, it must be the first template tag in the template.
- Sometimes we want to change the content of a block from the parent template rather than replace it. The parent's content can be obtained with {{ block.super }}
Automatic HTML Escaping
Data submitted by users can contain anything. Consider this template fragment:
Hello, {{ name }}
It simply displays the user's name, but if the user enters <script>alert('hello')</script> as the name, the template is rendered as:
Hello, <script>alert('hello')</script>
This makes the browser pop up an alert box. Rendering untrusted data this way leaves web pages vulnerable to attacks such as cross-site scripting (XSS).
Django offers two ways to solve this problem:
- One is to apply the escape filter to each untrusted variable to make it harmless. The drawback is that it must be applied by hand, so it is easy to miss a variable.
- The other is to have Django escape output automatically.
The characters that are escaped:
< | &lt;
> | &gt;
' | &#39;
" | &quot;
& | &amp;
These conversions are applied by default whenever the Django template system is used.
Turning off escaping
For a single variable, use the safe filter:
This will be escaped: {{ data }}
This will not be escaped: {{ data|safe }}
If data contains '<b>', the output is:
This will be escaped: &lt;b&gt;
This will not be escaped: <b>
For a whole block, use the autoescape tag:
{% autoescape off %}Hello {{ name }}{% endautoescape %}
Autoescape is on by default.
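An added example, not from the original page or the Django project: a standard-library Python script that scans template source for the two ways of turning escaping off described above (the safe filter and autoescape off blocks), so those spots can be reviewed. The name find_unescaped and the sample template are assumptions made for illustration; the check is conservative and looks at one template file at a time.

```python
import re

# Template tags do not span lines, so the DOTALL flag is not used.
TOKEN = re.compile(r"\{#.*?#\}|\{%\s*(.*?)\s*%\}|\{\{\s*(.*?)\s*\}\}")
QUOTED = re.compile(r'"[^"]*"|' r"'[^']*'")  # quoted filter arguments
MARK_SAFE = {"safe", "safeseq"}              # filters that bypass autoescaping
ESCAPERS = {"escape", "force_escape"}        # filters that escape explicitly


def find_unescaped(source):
    """Return (line, expression, reason) for each variable output unescaped.
    Conservative: any |safe is reported, even next to an escaping filter."""
    findings = []
    autoescape = [True]  # stack of autoescape states; the default is on
    for match in TOKEN.finditer(source):
        tag, expr = match.group(1), match.group(2)
        line = source.count("\n", 0, match.start()) + 1
        if tag is not None:
            words = tag.split()
            if len(words) == 2 and words[0] == "autoescape":
                autoescape.append(words[1] == "on")
            elif words == ["endautoescape"] and len(autoescape) > 1:
                autoescape.pop()
        elif expr is not None:
            # Blank out quoted arguments so a "|" inside them is not a filter.
            parts = QUOTED.sub('""', expr).split("|")
            filters = {p.split(":")[0].strip() for p in parts[1:]}
            if filters & MARK_SAFE:
                findings.append((line, expr, "marked safe"))
            elif not autoescape[-1] and not filters & ESCAPERS:
                findings.append((line, expr, "autoescape off"))
    return findings


# Constructed sample template (an assumption, not from the original page).
SAMPLE = """Hello, {{ name }}
{# {{ hidden|safe }} is inside a comment and is ignored #}
Bio: {{ bio|safe }}
{% autoescape off %}
Title: {{ title }}
Tags: {{ tags|join:" | "|escape }}
{% autoescape on %}{{ inner }}{% endautoescape %}
{% endautoescape %}
Footer: {{ footer }}
"""

if __name__ == "__main__":
    for line, expr, reason in find_unescaped(SAMPLE):
        print(f"line {line}: {{{{ {expr} }}}} ({reason})")
```

Each finding is a place where the template outputs a value as raw HTML, so only trusted or already-sanitized data should reach it.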
The load tag
Some apps provide libraries of custom tags and filters. To use them in a template, first make sure the app is in INSTALLED_APPS, such as 'django.contrib.humanize', then load the library to access the intcomma filter:
{% load humanize %}
{{ 45000|intcomma }}
Note that a library loaded in base.html is not available to child templates; it must be loaded again in the child template.