Tornado框架配置使用Jinja2模板引擎

安裝jinja2包html

pip install jinja2

定義繼承tornado.web.RequestHandler的子類BaseHandler。若是請求處理類繼承這個類將會使用jinja模板引擎;若是請求處理類繼承tornado.web.RequestHandler,則會使用Tornado框架的模板引擎。web

 1 import os
 2 
 3 from jinja2 import Environment, FileSystemLoader, TemplateNotFound
 4 from tornado.web import RequestHandler, Application
 5 from tornado.httpserver import HTTPServer
 6 from tornado.ioloop import IOLoop
 7 
 8 
 9 class TemplateRendering(object):
10     """
11      A simple class to hold methods for rendering templates.
12      """
13     def render_html_file(self, template_name, **kwargs):
14         template_dirs = []
15         if self.settings.get('template_path', ''):
16             template_dirs.append(self.settings['template_path'])
17         env = Environment(loader=FileSystemLoader(template_dirs))
18         try:
19             template = env.get_template(template_name)
20         except TemplateNotFound:
21             raise TemplateNotFound(template_name)
22         content = template.render(kwargs)
23         return content
24 
25 
26 class BaseHandler(RequestHandler, TemplateRendering):
27 
28     def initialize(self):
29         pass
30 
31     def get_current_user(self):
32         user = self.get_secure_cookie("user")
33         return user or None
34 
35     def render_template(self, template_name, **kwargs):
36         kwargs.update({
37             "settings": self.settings,
38             "STATIC_URL": self.settings.get("static_url_prefix", "/static/"),
39             "request": self.request,
40             "current_user": self.current_user,
41             "xsrf_token": self.xsrf_token,
42             "xsrf_form_html": self.xsrf_form_html
43         })
44         content = self.render_html_file(template_name, **kwargs)
45         self.finish(content)
46 
47 
48 class NewHandler(BaseHandler):
49 
50     def get(self, *args, **kwargs):
51         self.render_template("new.html", text="")
52 
53     def post(self, *args, **kwargs):
54         text = self.get_argument("text", "")
55         print(text)
56         self.set_header("X-XSS-Protection", 0)
57         self.render_template("new.html", text=text)
58 
59 
60 class OldHandler(RequestHandler):
61 
62     def get(self, *args, **kwargs):
63         self.render("old.html", text="")
64 
65     def post(self, *args, **kwargs):
66         text = self.get_argument("text", "")
67         print(text)
68         self.set_header("X-XSS-Protection", 0)
69         self.render("old.html", text=text)
70 
71 
72 if __name__ == '__main__':
73     current_path = os.path.dirname(__file__)
74     app = Application([
75         (r"/new", NewHandler),
76         (r"/old", OldHandler)
77     ],
78         cookie_secret="HelloWorld",
79         static_path=os.path.join(current_path, "static"),
80         template_path=os.path.join(current_path, "templates")
81     )
82     http_server = HTTPServer(app)
83     http_server.bind(8080)
84     http_server.start()
85     IOLoop.current().start()
View Code

HTML代碼以下瀏覽器

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <title>escape</title>
</head>
<body>
  <form method="post">
    <textarea name="text" id="js" cols="30" rows="10"></textarea>
    <input type="submit" value="提交">
  </form>
  {{ text|escape}}  <!-- 開啓轉義 -->
  {{ text }}  <!-- 關閉轉義,js代碼將會執行 -->
</body>
</html>
new.html
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <title>escape</title>
</head>
<body>
  <form method="post">
    <textarea name="text" id="js" cols="30" rows="10"></textarea>
    <input type="submit" value="提交">
  </form>
  {{ text }} <!-- Tornado模板自動開啓轉義 -->
  {% raw text %}  <!-- 使用模板語法{% raw *text* %}, JS代碼將執行 -->
</body>
</html>
old.html

注意:在Firefox瀏覽器中會直接彈出alert窗口,而在Chrome瀏覽器中,須要set_header("X-XSS-Protection", 0)cookie

Tornado還有兩種方法關閉自動轉義:app

  1. 在Application構造函數中傳遞autoescape=None參數;
  2. 在每頁模板中修改自動轉義行爲,添加語句:{% autoescape None %}
相關文章
相關標籤/搜索