greetings,

i would like to store django template code in a database and retrieve
it for display.  before i go any further, does anyone foresee any
security risks with this approach?  there will be control over those
users who can manipulate the data but not so much that we could monitor
what everyone would be doing at any given moment.  that said, i have
not seen anything in the template code that could present a system
security danger if used maliciously.

my approach was to create a template tag to retrieve the data from the
database and then display it in a template when called.  unfortunately,
when i use the templatetag in a template, the django template code is
not parsed or rendered.  you see the templated code itself.  for
example,  {% block content %}{% endblock %}

so question two would be, how can you tell the template rendering
mechanism in django to parse the data as if it were any other template
code?  below find the code for the templatetag if that will help
diagnose the problem.

thanks in advance.

yours,

steve

from django import template
from mysite.app.models import Booboo

register = template.Library()

class SomeData(template.Node):

    def __init__(self,varname):
        self.varname = varname

    def __repr__(self):
        return "<Booboo>"

    def render(self, context):
        context[self.varname] = Booboo.objects.get(name="somefield")
        return ''

class DoGetData:
    """
    {% get_data as data %}
    """
    def __init__(self, tag_name):
        self.tag_name = tag_name

    def __call__(self, parser, token):
        bits = token.contents.split()
        if len(bits) != 3:
            raise template.TemplateSyntaxError("'%s' tag takes two arguments" % bits[0])
        if bits[1] != "as":
            raise template.TemplateSyntaxError("First argument to '%s' tag must be 'as'" % bits[0])
        return SomeData(bits[2])

register.tag('get_data', DoGetData('get_data'))
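
On the security question in the message above, one way to vet database-stored template source before it reaches the template engine, shown as an added example that is not part of the original message. The allowlists, function names and sample strings are assumptions made for illustration, and the check is a plain-text scan that does not use Django's own parser.

```python
import re

# Assumed policy for editor-supplied template source (constructed for this example).
ALLOWED_TAGS = {"for", "endfor", "block", "endblock"}
ALLOWED_FILTERS = {"upper", "lower", "date", "default", "truncatewords"}
ALLOWED_ROOTS = {"data"}  # context variables the stored template may read

TOKEN_RE = re.compile(r"\{%(.*?)%\}|\{\{(.*?)\}\}", re.S)


def check_expr(expr, roots, findings):
    """Check one 'root.attr|filter:arg' expression against the policy."""
    # A '|' inside a quoted filter argument is split too and then rejected (fails closed).
    path, *filters = expr.strip().split("|")
    root = path.strip().split(".")[0]
    if root not in roots:
        findings.append("variable:" + root)
    for flt in filters:
        name = flt.split(":")[0].strip()
        if name not in ALLOWED_FILTERS:
            findings.append("filter:" + name)


def audit_template_source(source):
    """Return policy violations; an empty list means the source passed."""
    findings, roots = [], set(ALLOWED_ROOTS)
    for match in TOKEN_RE.finditer(source):
        tag_body, var_body = match.groups()
        if tag_body is None:
            check_expr(var_body, roots, findings)
            continue
        words = tag_body.split()
        name = words[0] if words else ""
        if name not in ALLOWED_TAGS:
            findings.append("tag:" + name)
        elif name == "for" and "in" in words:
            at = words.index("in")
            if at + 1 < len(words):
                check_expr(words[at + 1], roots, findings)  # the iterable
            # Loop variables become readable names for the rest of the source.
            roots.update(w.strip(",") for w in words[1:at])
    return findings


# Constructed sample sources.
GOOD = "{% block content %}{% for b in data.items %}{{ b.name|upper }}{% endfor %}{% endblock %}"
BAD = "{% load admin_tags %}{% include 'x.html' %}{{ user.email }}{{ data.body|safe }}"
```

Running the audit when the row is saved, and again before rendering, keeps a rejected source from ever being parsed as a template.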

