#100DaysOfWeb in Python Transcripts
Chapter: Days 37-40: Introduction to Pyramid framework
Lecture: Concept: Chameleon

0:00 Now before we wrap up this chapter let's take just a moment and talk about the Chameleon template language. Like I said in the beginning
0:09 Jinja2 is actually a more popular language than Chameleon. It's the one that works with Flask, for example. Chameleon is not native to Flask
0:19 when you install it without doing a little extra work. Why Chameleon and how does it work? Well, this one slide sums up both of those pretty well.
0:27 The why is, if you look at this this is still valid HTML, right? It has these weird attributes that kind of are going to be ignored
0:37 if you just load it in a straight editor but it's valid HTML. Whereas Django templates those have all sorts of extra non-valid HTML goo
0:46 like the %for, %f all that kind of stuff. One, this is a simpler, cleaner language that is still valid HTML even in its template form.
0:55 That really appeals to me. And that's why I like it a lot better. Now, how does it work? Let's look at a couple of things. If we want to have a loop
1:04 we use the tal:repeat and the syntax is similar but sadly not identical to Python. Instead of c in categories, it's just c categories.
1:13 Just tell yourself the in is silent. If we're going to spit out the value spit out some text, like the URL of an image
1:21 so c.image, maybe that's a string that represents a URL of whatever that category is then we would just say ${}
1:28 and then, you know, the Python expression that's going to go there. If we want to do an if statement that's a tal:condition.
1:36 So we can have not categories and we just use the truthiness, so categories, not categories, and so on. You can see the two different conditions
1:44 that we have there. But you can also do more complicated things like if this number minus that number is greater than seven, or, you know
1:50 whatever it is you're looking for. And one other thing to keep in mind this ${}, right, like the c.image, for example
1:59 that is HTML encoded, so by default this is safe from content injection, right? Like if we had a form, somebody could type in
2:08 well, angle bracket, JavaScript, hack your site, right? It's just going to come out as like pre-formatted you know, $lte:
2:16 It won't actually spit out JavaScript. If you absolutely trust the source and you need to put out HTML you can use structure:expression.
2:25 So for example, structure:c.image and it will spit out unescaped HTML. So, only do that for input that you do.
2:34 Maybe you and internal from your company. Only you can type this into the database or into this field. Then it might be OK to use structure.
2:41 But if this is user input, you should never ever use structure on user input. That is just asking for somebody to do something bad.
2:48 OK, so, this is a quick flyover of Chameleon and how it works.

