Monday, April 20, 2020

Django Templates

A Django template is a text file designed to separate an application’s data from the way it is presented. In most cases, Django templates are Hypertext Markup Language (HTML) files for presenting application data in a web browser, however Django templates are not limited to HTML—they can be used for rendering several different text formats.
The design of Django’s templates is based on several core principles, however three are key:
  1. A template system should separate program logic from design.
  2. Templates should discourage redundancy—Don’t Repeat Yourself (DRY).
  3. The template system should be safe and secure—code execution in the template must be forbidden.

Separate Logic From Design

Web design and web programming are two very different disciplines. For all but the smallest projects, design and programming are not done by the same people; in many cases, not even the same company.
When Django’s creators first considered the design of Django’s template system it was clear that Django programmers and website designers must be able to work independently of each other. The result is a plain-text scripting language that uses tags to provide presentation logic for deciding what content to display in the template. This is easier to understand with a simple example:
<h1>Your Order Information</h1>
<p>Dear {{ person_name }},</p>
This could be the first couple of lines of an order confirmation page, displayed on a website after the user has made a purchase. You will notice that the majority of this code is plain HTML. The small bit of script in bold is a Django variable tag. When this template is rendered in your browser, the template will replace the variable person_name with the name passed to the template by the view.
As this is plain-text and HTML, a designer does not need to know anything about Django to be able to create a Django template. All the designer has to do is add a placeholder (HTML comment tag, for example), for the programmer to replace with a Django tag when coding the website.
The other major advantage of this approach is that, given the bulk of the template is plain HTML, you as a programmer, can create a good looking website without a designer—you can download a HTML template from the Internet and add Django template tags. This also works with Bootstrap templates and sites heavy in front-end JavaScript.

Don’t Repeat Yourself (DRY)

DRY is a term that comes up often in Django discussions as it’s one of Django’s core principles. The DRY principle is particularly evident in how Django uses template inheritance. To better understand how template inheritance helps us to minimize repetition and redundant code, let’s first examine a typical web page layout (Figure shown below).
Django Tutorials - Webpage Template
.
This page layout has a top navigation, a header image, left side menu, the main content of the page and a footer. If you only wanted to create a few web pages, you could get away with copying the front page and simply changing the content and saving each different page as a HTML file.
Problem is, not only are we repeating a lot of code, but maintaining a large site could quickly get out of hand—what if you needed to change the template? You would have to make the change on every single page in your site!
We fix this problem by creating a parent template that has the content that is common to the entire website and then creating child templates that inherit these common features and then adds any content unique to the child template (Figure shown below).
You will have noticed I included the sidebar navigation in the child here. It’s common for certain pages on a site to have limited navigation, so not every page will need the side navigation.
Django supports multiple inheritance too so, following on from the above example, you could have a child template that adds only the side navigation to the parent, and then have a third template that inherits from the child and adds the content.
The only limit to how you slice and dice Django’s template inheritance is practicality—if your have templates inheriting more than two or three deep, you should re-evaluate your site design.
We will be covering Django’s templates in greater detail in Chapter 8, where you will get to create your own parent and child templates for your website project.

Template Security

Django’s philosophy is that the Internet is insecure enough, without introducing security issues by allowing code execution within webpage templates. Django’s solution to template security vulnerabilities is simple—code execution is forbidden.
Django’s template tags provide display logic only, this includes:
  • Displaying variables—this can be simple text like a users name, or more complex data like HTML formatted text.
  • Choosing which content to display based on logical check(s), e.g., if a user is logged in, then display user menu or user-only content.
  • Iterating over lists of data—most often used to insert database information into HTML lists.
  • Formatting the data—for date formatting, text manipulation and other filters that act on the data.
Things you can’t do in a Django template:
  • Execute Python code
  • Assign a value to a variable
  • Perform advanced logic
Django’s templates also add additional security features like automatically escaping all strings, Cross-Site Scripting and Cross-Site Request Forgery protection. Thus, Django’s templates are secure by default, so you don’t have to worry about introducing security issues into your website accidentally.
Share:

0 comments:

Post a Comment