Adding a CMS to Your Pyramid Web App Transcripts
Chapter: The Pages
Lecture: Real page content (i.e. HTML)

0:00 Really quickly, I added a couple of CSS styles here. That 'h1' should still be centered, but that the main content of the page to be aligned left.
0:09 If you look over here now, this is probably what we want. Everything centered is going to be super weird.
0:14 So this is gonna be left-aligned and we can style the elements within here as needed. Okay, so that's off to a good start.
0:21 Now, when you look at this, this is not super interesting. Employees, same.
0:27 It's like a sentence that just lays it out on the page. It's not really content.
0:31 But what I want to do is just like maybe let's write a little bit of content for this page so you can click on '/donate' and have something there.
0:39 So for now, until we get to editing, let's go and just go to our fake data and add another one of these over. So this is gonna be the url, 'donate'.
0:49 This is the same, 'donate'. The title will be "Donate to the PSF". And for content. I want to put something more real.
0:58 So I'm gonna use, let's get rid of that that'll thing there. I'm going to use one of these literal strings like this
1:06 and so we can have it look just like so. Now it's not amazing. Obviously not going to build out our site like this,
1:13 But for now, let me just put this in here. So we're gonna strip it off so it doesn't have those bases there and there.
1:18 But otherwise, we have some built in HTML, and it's gonna be awesome, right? Let me just rerun this. We go back, we make a request.
1:25 The CMS service will ask the fake data for the donate data, and it will be there now, so it shouldn't 404 like it has been.
1:33 If I refresh, it should be amazing. We should see that content we wrote. Yeah, hmm, that's amazing. It does look pretty amazing to me.
1:41 I did notice we probably should drop this by that part. What do you think about this? You're loving it out there. What happened?
1:49 Well, Pyramid and Chameleon tried to protect us from users injecting data into our site. When would that kind of stuff happen?
1:57 If I had a user forum and somebody said, "Hey, I'm going to type an answer or even a question" "I'm gonna go type it out."
2:03 And normally you let them type HTML or something like that, and you show it and it's great.
2:08 But every now and then there's gonna be some evil person that says, Well, let me put in an angle bracket JavaScript.
2:13 Something to take over the page, right? Something nasty that's gonna like, look at your cookies or do cross-site scripting
2:19 or something along those lines or even on the same site. So Chameleon and Pyramid try to protect you from that.
2:25 They won't let you put raw markdown in there unless you explicitly say so. So we're gonna do that here in a second below its get rid of this bit.
2:34 We already have the HTML, the head, the title in there. Okay, so over here, we can say I know what I'm doing. This input is safe.
2:44 We can say 'structure:'. That means don't protect us. Just drop it straight in the page and let it do its thing.
2:51 It's part of the HTML structure that we need. If we go over here and I saved it, hopefully I did. Ta da! There we go!
2:58 "Did you know you can actually donate to the PSF? Here's their link." Click on it. And now we're over there.
3:03 We could even have that open in a separate page. That's pretty cool, right? So this is working.
3:08 The only caveat, the only warning is you cannot use this for user generated content.
3:14 So remember, the idea for the CMS is not to let users write your site,
3:19 but let you say, implement this page or this page without going and writing more source code.
3:24 You just go and log into the admin tool which we're gonna build shortly. Type out the details and hit save.
3:29 And now you have a donate page that everyone on your team can manage.
3:33 You obviously trust people that work at your company to not hack your own website.
3:37 If you can't trust them to not hack your website, they shouldn't work for you.
3:40 Hey, that's just how it works. You always put logging and tracking and who's done what as well in there.
3:45 So this works out great for internal systems, but be very, very careful about doing this kind of thing for external ones.
3:51 You can use something else like markdown. We'll get to some things that will kind of sort of work.
3:56 Or if you want to let people from the outside work on this. But for now, the way this is working and this particular version of the source code.
4:03 Don't let other people edit that because this is open to script injection, all sorts of badness.
4:09 But it looks good, doesn't it? Looks like it's working now.
4:11 It's not a super amazing right, but it is taking proper markdown with things like hyperlinks and whatnot
4:13 and rendering them just like a real site would.

