I am a C# and ASP.NET MVC developer. I've completed some Python console applications but I am new to using Python for web applications. I read a lot about Python servers and template engines.
But I worry about:
- Which template engines suit which Python server / Python web framework? Or should suit?
- Can there be security issues in template engines? Or can I pick any one whose syntax I like?
- Can any template engine integrate data (my models, ORM models) with the controller and itself? Can this integration cause any security or memory issues?
- Does it matter whether I use Python 2.x or 3.x for any template engine?
I know there are jinja2, pytenjin (seems very fast), pyrazor.
I've tried all and I feel very comfortable with pyRazor because of my ASP.NET MVC background.
And my final questions after my worries:
- Which template engines should I use?
- What is the best development environment (Python web framework, template engine) to start development with Tornado?
I know I've asked so many questions but I have to be careful before I dive into development for real projects.
Edit regarding comments: OK, I feel I need to be more specific about what I am looking for. As many developers need in Python web programming (at least those coming from other platforms), I need to figure out which development options I have (IDE, template engines, web servers, etc.) and how to combine them in a proper way to decrease development time and increase productivity without breaking security.
Update 1: I think we, the developers from the VS and ASP.NET world, get used to having everything in a box ready for development. When it comes to using another technology because of project needs, we (at least I) get paranoid, because we need to put everything in harmony. It's obvious to use IIS, .NET and VS (with all advanced features) for .NET projects.
Well, after so much searching and investigation, I've decided to use PyCharm as an IDE with Django. I wish someday PyCharm will support web2py the way they support Django.
OK, what about the server? I will let nginx or cherokee work for me.
OK, what about the template engine? I will use the default Django template engine. (I don't like it as much as I like pyRazor.) But this way it will be easier to find help or request more features. At later stages, I can try jinja2 again (in PyCharm you can change the template engine to use in Django).
There is no ultimate template engine or web-framework. E.g. I like the combination of flask, Jinja2 and SQLAlchemy. Others prefer Django, which brings an ORM and template engine. Others prefer mako (also a template engine). Just try them and find out what you like most.
Of course there can be security issues in your templates, e.g. XSS attacks, but that's unlikely. Jinja2, e.g., has autoescaping enabled by default, so you can throw in whatever you want and it will escape it automatically.
Yes, you can integrate your ORM models with template engines (you can pass the db-instance and models to the template), but I wouldn't do it, just because it's easier to do in your route. If you integrate it, there aren't more security/memory issues than if you did it in your "normal" code.

The Python version doesn't matter (as long as the engine supports it), but I would use Python 2.7, because it brings some cool features of Python 3 and it has way more libraries available (not everything is ported to Python 3 yet).
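
A check for the autoescaping point, as an added example that is not part of the original answer: whether Jinja2 escapes a value depends on how the `Environment` is constructed, since a bare `Environment()` leaves `autoescape` off while frameworks such as Flask turn it on for HTML templates, and the `|safe` filter switches it off again per value. It assumes the `jinja2` package is installed; the helper names, the sample value and the template sources are constructed for illustration.

```python
from jinja2 import Environment, select_autoescape

# Constructed sample: a value that arrives from a form field or query string.
UNTRUSTED = '<script>alert("xss")</script>'
PAGE = "<p>Hello {{ name }}</p>"


def render(env, source=PAGE, name=UNTRUSTED):
    """Render a string template with the untrusted value bound to `name`."""
    return env.from_string(source).render(name=name)


def escapes_by_default(env):
    """Startup/CI check: does this environment neutralise markup in variables?"""
    return "<script>" not in render(env)


def find_safe_overrides(sources):
    """Flag templates that switch escaping off for a value with the |safe filter."""
    return [name for name, text in sources.items() if "|safe" in text.replace(" ", "")]


# A bare Environment() has autoescape off; escaping must be requested.
bare_env = Environment()
# select_autoescape() enables it for .html/.htm/.xml files and string templates.
safe_env = Environment(autoescape=select_autoescape())

# Hypothetical template sources for the review helper.
TEMPLATES = {
    "profile.html": "<p>{{ user.bio }}</p>",
    "comment.html": "<div>{{ comment.body | safe }}</div>",
}

if __name__ == "__main__":
    print("bare env :", render(bare_env))
    print("safe env :", render(safe_env))
    print("|safe    :", render(safe_env, "<p>{{ name|safe }}</p>"))
    print("review   :", find_safe_overrides(TEMPLATES))
```

Running `escapes_by_default` against the environment your framework actually builds, and reviewing every hit from `find_safe_overrides`, covers the two places where escaping is most often silently absent.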