
3110 snippets

Snippet List

Sanitize HTML filter with tag/attribute whitelist and XSS protection

Reworked version of [this snippet](http://www.djangosnippets.org/snippets/205/) that now accepts an argument so the user can specify which tags to allow, and which attributes should be allowed for each tag. Argument should be in form `tag2:attr1:attr2 tag2:attr1 tag3`, where tags are allowed HTML tags, and attrs are the allowed attributes for that tag. It also uses code from [this post on stack overflow](http://stackoverflow.com/questions/16861/sanitising-user-input-using-python) to add XSS protection.

  • html
  • security
  • sanitize
  • whitelist

HTML5 filter for XXS

Useful for TinyMCE, to allow some HTML but be vulnerable to XSS attacks. You need to install html5lib: `sudo easy_install html5lib`

  • template
  • filter
  • security
  • sanitize
  • xss

MySQL "Text" Type Model Field

Custom field for using MySQL's `text` type. `text` is more compact than the `longtext` field that Django assigns for `models.TextField` (2^16 vs. 2^32, respectively)

  • text
  • models
  • mysql
  • db
  • database
  • field
  • custom-field

Fail Faster: unsafe_test Management Command

The faster you fail the faster you reach success. This management command runs tests within the django environment, but without a test database, hence the word "UNSAFE". It only runs unittests for a single application, which are not subclasses of django.test.TestCase. Django's TestCases are not supported because they attempt to purge the database. Turn this flaw into a feature by segregating testcases into those that either need or don't need the test database. This tool may not be useful in all cases, but in certain cases you can have more rapid testing iterations. I use it for certain utility applications.

**Setup:** Place in `<app_name>/management/commands/unsafe_test.py`

**Run:** `$ ./manage.py unsafe_test <app_name>`

  • management-command

Django with AngularJS

This is a simple snippet to prevent conflict between Django and AngularJS template syntax. It is possible to change the AngularJS syntax, but this can cause compatibility problems, so I figured that this was a better solution.

  • AngularJS

Transparent encryption for model fields

Here's a simple way to transparently encrypt a field (just repeat the idiom for more than one) so that it is not stored plaintext in the database. This might be useful for social security numbers, etc. The storage size for the ciphertext depends on which algorithm you use. Blowfish here requires 32 characters to store an encrypted 16 characters. Note also that Blowfish requires a block size of a multiple of 8, so that is what the repeat in the `_set_ssn()` is all about. The Crypto module is from http://www.amk.ca/python/code/crypto.html. I make no claims as to how secure this scheme is overall; comments on this are welcome.

  • database
  • encryption

AntiSpamForm

A general AntiSpamForm using some tricks to prevent spam based on current [django.contrib.comments.forms](http://code.djangoproject.com/browser/django/trunk/django/contrib/comments/forms.py). It uses a timestamp, a security hash and a honeypot field. See [AntiSpamModelForm](http://www.djangosnippets.org/snippets/1856/) too.

  • forms
  • spam
  • form
  • antispam

Plugin Framework

This is a very basic -- yet fully functional -- framework for producing a loosely coupled plugin architecture. Full details of its use can be found [on my blog](http://gulopine.gamemusic.org/2008/jan/10/simple-plugin-framework/), but the basics are listed below.

## Defining a mount point for plugins

    class ActionProvider:
        __metaclass__ = PluginMount

## Implementing plugins

    class Insert(ActionProvider):
        def perform(self):
            # Do stuff here
            pass

    class Update(ActionProvider):
        def perform(self):
            # Do stuff here
            pass

## Utilizing plugins

    for action in ActionProvider.plugins:
        action.perform()

Yes, it really is that simple.

  • plugins

Show template names in markup

Simple snippet to show the names of the templates on the page. It's a custom template loader that just prints out the name of the template at the start of the template. To set it up, just place it in a file, for example spy.py. Then edit settings.py and add this to the start of the tuple list for TEMPLATE_LOADERS.

    TEMPLATE_LOADERS = (
        'appname.spy.load_template_source',
        'django.template.loaders.filesystem.Loader',
        'django.template.loaders.app_directories.Loader',
    )

This was useful for me because I'm starting to use a django project that's a bit on the big side and I'm trying to do a theme for it. I'm not very familiar with their templates, so these visual cues will help instead of walking through the template code. Hope this is helpful for someone else too.

  • template
  • templates
  • loader

Admin Apps Names Translation

This snippet allows for your project's apps names to be displayed as you want in the Admin, including translations. The lists of apps and languages are created from your settings.py file.

**How to use**

1st part:

- Create an application called 'apps_verbose' in your project with the models.py and admin.py shown here
- Create a folder inside it named 'templatetags' with the verbose_tags.py file inside it.
- Add this app to installed apps in your settings.py
- If you change this app name, don't forget to correct the imports.

2nd part:

- Create a folder named 'admin' in your templates folder and copy the following files from your /django/contrib/admin/templates/admin/ folder.
    - /app_index.html
    - /base.html
    - /change_form.html
    - /change_list.html
    - /delete_confirmation.html
    - /delete_selected_confirmation.html
    - /index.html
    - /object_history.html
- Make the necessary changes in each file, like shown here.

3rd part:

- Create translations in the Admin and enjoy.

  • template
  • django
  • admin
  • i18n
  • python
  • tags
  • html
  • app
  • translation
Author: Nad