hello malcom,
thanks for taking the time to help out.
Malcolm Tredinnick wrote:
> On Wed, 2006-07-05 at 12:32 +0000, plungerman wrote:
> > greetings,
> >
> > i would like to store django template code in a database and retrieve
> > it for display. before i go any further, does anyone foresee any
> > security risks with this approach? there will be control over those
> > users who can manipulate the data but not so much that we could monitor
> > what everyone would be doing at any given moment. that said, i have
> > not seen anything in the template code that could present a system
> > security danger if used maliciously.
>
> It is entirely dependent on the safety of the template tags you are
> using. The standard Django tags do not permit you to change data via a
> template tag (see the discussion of "alters_data" in the
> templates_python.txt document). But your own custom tags (or other
> custom tags that are available via "load") may not be so diligently
> marked.
>
> > my approach was to create a template tag to retrieve the data from the
> > database and then display it in a template when called. unfortunately,
> > when i use the templatetag in a template, the django template code is
> > not parsed or rendered. you see the templated code itself. for
> > example, {% block content %}{% endblock %}
> >
> > so question two would be, how can you tell the template rendering
> > mechanism in django to parse the data as if it were any other template
> > code? below find the code for the templatetag if that will help
> > diagnose the problem.
>
> Unless I am missing something, you don't seem to have included the code
> that actually creates the template. At some point you are going to get a
> string of text out of the database and have to call
>
> t = django.template.Template(template_string)
>
> with the data (template_string, here). This will give you back a
> template object and you can render that using the current context by
> calling
>
> t.render(context)
>
> That last line will probably be in the render() method of whatever your
> template tag is.
i was simply calling the templatetag from a template itself to display
the data retrieved from the database that contains django template
code:
{% load data_template %}
{% get_data as data %}
{% if data.content %}{{ data.content }}{% endif %}
unfortunately, the problem was that the data was not being rendered, so
you see the django template script like {% block content %}{% endblock
%} . i guess that i had hoped it would be that easy. anyway, i
attempted to rewrite the templatetag as you indicated above, adding
t = django.template.Template(template_string)
t.render(context)
to the render method of the SomeData class, but having no luck. i
might have to dig into hugo's implementation.
>
> Also, just in passing, are you deliberately not having DoGetData inherit
> from template.Node or was that a typo? I'm not sure if it's necessary
> here, but I can't completely understand what your code is trying to do
> (probably more my fault then yours -- I'm getting sleepy).
>
> Does any of the above help you at all?
>
> Regards,
> Malcolm
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-users
-~----------~----~----~----~------~----~------~--~---
