Wednesday, March 12, 2008

Evoque - managed eval-based templating

Released the first version 0.1 of the lightweight, capable and fast Evoque templating engine on Saturday 7 March -- see comp.lang.python.announce announcement.

Evoque's distinguishing factors are:
  • automatic input quoting, i.e. XSS protection. To my knowledge no other text-based templating system has this feature. This is achieved thanks to Qpy's quoted-string h8 class, although any other quoted-string class may be used instead.
  • a restricted execution mode, to be able to safely expose templates for editing to untrusted clients. To facilitate this, only python expressions are allowed, i.e. nothing is ever exec'ed.
  • small footprint -- under 1K lines of code -- yet full-featured, e.g. elaborate cache management, template inheritance, versatile template addressing.
  • a contender for the fastest pure python templating engine currently out there. See some comparative performance benchmarks -- in particular compared with Mako that is currently considered to be the fastest text-based templating system.
Home page for Evoque is: http://evoque.gizmojo.org/

Labels: , , , , ,

1 Comments:

Blogger writeson said...

Hi,
Regarding the entry for getting Pylons to use Evoque as the default template entry (link: http://evoque.gizmojo.org/ext/pylons/). There is an error (I think) about the controller. The links says to make the last line: return render("template.html"), I find that it has to be: return render("template.html", quoting="str") in order for it to work.
Thanks!
Doug

4:40 PM  

Post a Comment

<< Home