A decorator that restricts the tags and filters available to template loading and parsing within a function.
This is mainly meant to be used when granting users the power of the DTL. You obviously don't want users to be able to do things that could be potentially malicious.
The {% ssi %} tag, for example, could be used to display sensitive data if improperly configured.
{% load %} gives them access to all the unlimited Python code you wrote in your templatetags. {% load sudo %}{% sudo rm -rf / %} o_0
Note that the "load" tag (among others) is not listed in the default tag whitelist. If you parse a template (however indirectly) in a function decorated with this, unlisted builtin tags will behave like undefined tags (i.e., they will result in a TemplateSyntaxError).
Since {% load %} is not whitelisted, you may want to include some custom tags or filters as "builtins" for convenience. Simply put the module paths to the libraries to include in the `extra` kwarg or the `extra_libraries` list. Generally, this is not recommended, as these libraries need to be carefully and defensively programmed.
**NOTE**: This **does not** do anything about cleaning your rendering context! That's completely up to you! This merely restricts what tags and filters are allowed in the templates.
Examples:
```python
from django.template.loader import get_template
safe_get_template = use_safe_templates(get_template)
tmpl = safe_get_template('myapp/some_template.html')
```

```python
from django.template import Template
use_safe_templates(Template)('{% load sudo %}')
# TemplateSyntaxError: Invalid block tag 'load'
```
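The same allowlist idea as a static pre-check on user-submitted template source, shown as an added example that is not the snippet's code: the decorator above restricts what the parser knows, whereas this rejects the source before it is parsed at all. The function name, exception class and both allowlists are assumptions made for illustration.

```python
import re

# Same token shapes Django's lexer recognises: {% tag %}, {{ var }}, {# comment #}
TOKEN_RE = re.compile(r"({%.*?%}|{{.*?}}|{#.*?#})")
# A filter is a pipe followed by a name, in variables and in tag arguments alike.
FILTER_RE = re.compile(r"\|\s*(\w+)")

# Constructed allowlists (assumption, not the snippet's defaults).
ALLOWED_TAGS = {"if", "elif", "else", "endif", "for", "empty", "endfor"}
ALLOWED_FILTERS = {"escape", "upper", "lower", "length", "default"}


class DisallowedTemplateSyntax(ValueError):
    """Raised when user template source uses a tag or filter off the allowlist."""


def check_template_source(source, tags=ALLOWED_TAGS, filters=ALLOWED_FILTERS):
    """Return source unchanged, or raise on the first disallowed tag or filter.

    Fails closed: a pipe inside a string literal or a tag inside a
    {% verbatim %} block is still checked, so some harmless templates are
    rejected, but nothing the parser would treat as a tag is skipped.
    Like the decorator, this says nothing about what is in the context.
    """
    for token in TOKEN_RE.findall(source):
        if token.startswith("{#"):
            continue  # comments are discarded by the parser
        body = token[2:-2].strip()
        if token.startswith("{%"):
            name = body.split(None, 1)[0] if body else ""
            if name not in tags:
                raise DisallowedTemplateSyntax("tag not allowed: %r" % name)
        for flt in FILTER_RE.findall(body):
            if flt not in filters:
                raise DisallowedTemplateSyntax("filter not allowed: %r" % flt)
    return source


if __name__ == "__main__":
    # Constructed sample inputs.
    ok = "{% if items|length %}{% for i in items %}{{ i|upper }}{% endfor %}{% endif %}"
    print(check_template_source(ok) == ok)
    for bad in ("{% load sudo %}{% sudo rm -rf / %}", "{{ body|safe }}"):
        try:
            check_template_source(bad)
        except DisallowedTemplateSyntax as exc:
            print("rejected:", exc)
```
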
Before this works, you'll need to satisfy all the criteria for getting debug information in your template context:

* Have 'django.core.context_processors.debug' in your TEMPLATE_CONTEXT_PROCESSORS setting (it was there in the default settings, last time I checked).
* Have your current IP in your INTERNAL_IPS setting.
* Use RequestContext when rendering the current template (if you're using a generic view, you're already using RequestContext).
[Manuale Django](http://www.darioagliottone.it/django-guida/)
This is useful if you have a string that is html encoded (i.e. `&lt;p&gt;Hello world!&lt;/p&gt;`) and you want to do something more complex than just display it as html, such as using the striptags filter.
You'll need to `pip install pyScss` first.
Converts on the fly, so you won't want to use this for much more than just testing.
Usage in a template:

```django
{% load sass %}
{% include_sass "disclosures/css/base.scss" %}
{% include_sass "disclosures/css/grid.scss" %}
```
I needed a way to find if a menu item should be active. After searching the internet I found a few options*, but none of them fit my needs, so I wrote my own:
Usage:

```django
<a href="{% url 'view-name' %}" class="{% current request 'view-name' %}"></a>
```
* http://gnuvince.wordpress.com/2008/03/19/the-new-and-improved-active-tag/
* http://stackoverflow.com/questions/340888/navigation-in-django
Based on code from [mihelac.org](http://source.mihelac.org/2010/02/19/django-time-widget-custom-time-shortcuts/)
Modified to work in Django 1.3.1. Put it in templates/admin/app_label/model/change_form.html
Use this to send emails to your users; it takes one template and renders it as HTML or text as needed.
Credits to
"""
Jutda Helpdesk - A Django powered ticket tracker for small enterprise.
(c) Copyright 2008 Jutda. All Rights Reserved. See LICENSE for details.
lib.py - Common functions (eg multipart e-mail)
"""
MIT licence
I only removed the specific project parts and made it general to use.
The original project repository https://github.com/rossp/django-helpdesk/
You can use this class to render and send HTML email messages with the same logic and ease as website page creation. Just create an HTML template file with the same name as the class, in lowercase.
I have been wrestling with custom app labels and have come to the conclusion that this is the easiest workaround for the problem. Since I name most of my apps as Foo_Bar this makes them look a lot nicer. I just apply the filter to whatever app label and it fixes it.
If you need a more complex replacement, you could just have an if statement that looks for the full app label and replaces it with whatever you want.
Django Template Tag Filter stack to clean up output from [widgEditor](http://www.themaninblue.com/experiment/widgEditor/) or other WYSIWYG text-input box. Removes arbitrary line break code and replaces with Django's cleaner `|linebreaks` filter. Also removes any arbitrary styling, leaving in things like bold, italic, link and image tags.