Adding a CMS to Your Pyramid Web App Transcripts
Chapter: Course conclusion
Lecture: Review: Rendering a CMS page

0:00 For all the cool functionality and effort and polish we put into this application, rendering the page is not where that appears or where we had to use that skill.
0:11 So once we've gone to that CMS request and we've determined there is a page, we're going to use this Chameleon template to render it, and all
0:19 we have to do is set the title, and
0:22 we passed through the view model a page object which has the title, so we say dollar curly bracket page dot title, and then we want to put the HTML in the middle.
0:30 I remember the trick is that if we just say dollar curly bracket HTML, it encodes it.
0:35 So it's like viewing the source of the HTML, not the actual display that we're hoping for.
0:40 So in Pyramid and in Chameleon, the way we do this is we say structure, colon, some string, and it says we're not gonna protect you from this.
0:48 We're gonna drop it in exactly as it is. It's part of the page, it's structure of the page.
0:53 So this is what we had to do, these two things. I think in a real example we also actually set the title as well, on the top of the tab. Do beware.
1:03 This structure thing means you cannot take user input and then return it or render it this way, just asking for them to hack
1:12 you, or more likely hack your users, to put some kind of JavaScript or scripting vulnerability into that content and then try to get you to show it to the other users of the site.
1:21 So this is for you and your trusted people on the back end to edit the CMS and render the data.
1:27 Be careful if you try to use the same technique for users who might enter the value of HTML there.

