hello malcom, thanks for taking the time to help out.
Malcolm Tredinnick wrote: > On Wed, 2006-07-05 at 12:32 +0000, plungerman wrote: > > greetings, > > > > i would like to store django template code in a database and retrieve > > it for display. before i go any further, does anyone foresee any > > security risks with this approach? there will be control over those > > users who can manipulate the data but not so much that we could monitor > > what everyone would be doing at any given moment. that said, i have > > not seen anything in the template code that could present a system > > security danger if used maliciously. > > It is entirely dependent on the safety of the template tags you are > using. The standard Django tags do not permit you to change data via a > template tag (see the discussion of "alters_data" in the > templates_python.txt document). But your own custom tags (or other > custom tags that are available via "load") may not be so diligently > marked. > > > my approach was to create a template tag to retrieve the data from the > > database and then display it in a template when called. unfortunately, > > when i use the templatetag in a template, the django template code is > > not parsed or rendered. you see the templated code itself. for > > example, {% block content %}{% endblock %} > > > > so question two would be, how can you tell the template rendering > > mechanism in django to parse the data as if it were any other template > > code? below find the code for the templatetag if that will help > > diagnose the problem. > > Unless I am missing something, you don't seem to have included the code > that actually creates the template. At some point you are going to get a > string of text out of the database and have to call > > t = django.template.Template(template_string) > > with the data (template_string, here). This will give you back a > template object and you can render that using the current context by > calling > > t.render(context) > > That last line will probably be in the render() method of whatever your > template tag is. i was simply calling the templatetag from a template itself to display the data retrieved from the database that contains django template code: {% load data_template %} {% get_data as data %} {% if data.content %}{{ data.content }}{% endif %} unfortunately, the problem was that the data was not being rendered, so you see the django template script like {% block content %}{% endblock %} . i guess that i had hoped it would be that easy. anyway, i attempted to rewrite the templatetag as you indicated above, adding t = django.template.Template(template_string) t.render(context) to the render method of the SomeData class, but having no luck. i might have to dig into hugo's implementation. > > Also, just in passing, are you deliberately not having DoGetData inherit > from template.Node or was that a typo? I'm not sure if it's necessary > here, but I can't completely understand what your code is trying to do > (probably more my fault then yours -- I'm getting sleepy). > > Does any of the above help you at all? > > Regards, > Malcolm --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~----------~----~----~----~------~----~------~--~---