Evoque - managed eval-based templating
Released the first version 0.1 of the lightweight, capable and fast Evoque templating engine on Saturday 7 March -- see comp.lang.python.announce announcement.
Evoque's distinguishing factors are:
Evoque's distinguishing factors are:
- automatic input quoting, i.e. XSS protection. To my knowledge no other text-based templating system has this feature. This is achieved thanks to Qpy's quoted-string h8 class, although any other quoted-string class may be used instead.
- a restricted execution mode, to be able to safely expose templates for editing to untrusted clients. To facilitate this, only python expressions are allowed, i.e. nothing is ever exec'ed.
- small footprint -- under 1K lines of code -- yet full-featured, e.g. elaborate cache management, template inheritance, versatile template addressing.
- a contender for the fastest pure python templating engine currently out there. See some comparative performance benchmarks -- in particular compared with Mako that is currently considered to be the fastest text-based templating system.
1 Comments:
Hi,
Regarding the entry for getting Pylons to use Evoque as the default template entry (link: http://evoque.gizmojo.org/ext/pylons/). There is an error (I think) about the controller. The links says to make the last line: return render("template.html"), I find that it has to be: return render("template.html", quoting="str") in order for it to work.
Thanks!
Doug
Post a Comment
<< Home