#100DaysOfWeb in Python Transcripts
Chapter: Days 37-40: Introduction to Pyramid framework
Lecture: Concept: Chameleon

0:00 Now before we wrap up this chapter
0:02 let's take just a moment and talk
0:04 about the Chameleon template language.
0:07 Like I said in the beginning
0:08 Jinja2 is actually a more popular language than Chameleon.
0:13 It's the one that works with Flask, for example
0:15 Chameleon is not native to Flask
0:18 when you install it without doing a little extra work.
0:20 Why Chameleon and how does it work?
0:22 Well, this one slide sums up both of those pretty well.
0:26 The why is, if you look at this
0:29 this is still valid HTML, right?
0:31 It has these weird attributes
0:34 that kind of are going to be ignored
0:36 if you just load it in a straight editor
0:38 but it's valid HTML. Whereas Django templates
0:41 those have all sorts of extra non-valid HTML goo
0:45 like the %for, %if, all that kind of stuff.
0:48 One, this is a simpler, cleaner language
0:51 that is still valid HTML even in its template form.
0:54 That really appeals to me.
0:56 And that's why I like it a lot better.
0:58 Now, how does it work?
0:59 Let's look at a couple of things.
1:01 If we want to have a loop
1:03 we use the tal:repeat
1:05 and the syntax is similar
1:06 but sadly not identical to Python.
1:08 Instead of c in categories, it's just c categories.
1:12 Just tell yourself the in is silent.
1:15 If we're going to spit out the value
1:17 spit out some text, like the URL of an image
1:20 so c.image, maybe that's a string
1:22 that represents a URL of whatever that category is
1:25 then we would just say ${}
1:27 and then, you know, the Python expression
1:30 that's going to go there.
1:32 If we want to do an if statement
1:33 that's a tal:condition.
1:35 So we can have not categories
0:37 and we just use the truthiness
1:40 so categories, not categories, and so on.
1:41 You can see the two different conditions
1:43 that we have there.
1:44 But you can also do more complicated things
1:46 like if this number minus that number
1:48 is greater than seven, or, you know
1:49 whatever it is you're looking for.
1:51 And one other thing to keep in mind
1:53 this ${}, right, like
1:56 the c.image, for example
1:58 that is HTML encoded, so by default
2:02 this is safe from content injection, right?
2:05 Like if we had a form, somebody could type in
2:07 well, angle bracket, JavaScript, hack your site, right?
2:10 It's just going to come out as like pre-formatted
2:13 you know, &lt;
2:15 It won't actually spit out JavaScript.
2:17 If you absolutely trust the source
2:20 and you need to put out HTML
2:22 you can use structure:expression.
2:24 So for example, structure:c.image
2:27 and it will spit out unescaped HTML.
2:30 So, only do that for input that you do.
2:33 Maybe you and internal from your company.
2:35 Only you can type this into the database
2:38 or into this field.
2:39 Then it might be OK to use structure.
2:40 But if this is user input, you should never ever
2:42 use structure on user input.
2:44 That is just asking for somebody to do something bad.
2:47 OK, so, this is a quick flyover of Chameleon and how it works.