Note: MTV is essentially MVC. It can be understood as MVC+T, where T (the template) helps present the content of the website. Because the C part of a web page is usually small and does not need to be split out, the pattern becomes MTV.
Template folder: <project name>/templates
In settings.py, in the TEMPLATES configuration item:
Folders searched for template files (here templates):
    'DIRS': [os.path.join(BASE_DIR, 'templates')],
    # file: settings.py
    TEMPLATES = [
        {
            'BACKEND': 'django.template.backends.django.DjangoTemplates',
            # 'DIRS': [],
            'DIRS': [os.path.join(BASE_DIR, 'templates')],  # add the template path
            'APP_DIRS': True,  # whether to also search the templates directory inside each app
            # ...
        },
    ]
Load the template through loader and respond through HttpResponse
    from django.http import HttpResponse
    from django.template import loader

    def xxx_view(request):
        # 1. Load the template through loader
        t = loader.get_template("template file name")
        # 2. Render t to an HTML string (dictionary_data is a placeholder for the dict of values)
        html = t.render(dictionary_data)
        # 3. Return the rendered string to the browser in a response object
        return HttpResponse(html)
Use render() to load the template and respond in one step
    from django.shortcuts import render

    def xxx_view(request):
        # dictionary_data is a placeholder for the dict of values
        return render(request, 'template file name', dictionary_data)
Loading the template with loader
    t = loader.get_template('xxx.html')
    html = t.render(dictionary_data)
    return HttpResponse(html)
Loading the template with render
    return render(request, 'xxx.html', dictionary_data)
Use variable syntax in templates
Variables in a view function must be wrapped in a dictionary before they can be passed to the template
    def xxx_view(request):
        dic = {
            "variable1": "value1",
            "variable2": "value2",
        }
        return render(request, 'xxx.html', dic)
If there are many variables, locals() can be used to generate the dictionary of local variables automatically. Note that locals() passes every local variable of the view, including request, to the template.
    def xxx_view(request):
        variable1 = "value1"
        variable2 = "value2"
        ...
        return render(request, 'xxx.html', locals())
Definition: XSS stands for Cross Site Scripting.
Principle: malicious HTML/JavaScript code is injected into a web page that the victim visits, and the attack is carried out when the page is rendered.
Harm: stealing user information, disrupting the normal operation of the website, and so on.
Classification:
Definition: at request time the XSS code appears in the URL and is submitted to the server as input. The server parses it and responds, the XSS code is sent back to the browser along with the response content, and the browser finally parses and executes it. The process resembles a reflection, hence the name reflected XSS.
Examples: XSS code is submitted as a query string, http://127.0.0.1:8000/test_html?t=<script>alert(11)</script>. After the backend receives the value of the query string, it displays it on the page.
Definition: in stored XSS, the submitted XSS code is stored on the server side (database, memory, file system, etc.), and other users are attacked when they request the target page.
Examples: XSS code is submitted when a blog post is published. Once the server has stored the code, other users who open the article are hit by the XSS attack.
Definition: DOM XSS code does not need to interact with the server; the attack is triggered directly in the front end.
Examples: content is submitted after # in the address bar, for example http://127.0.0.1:8000/test_html#javascript:alert(11), and the page contains this JS:
    <script>
        var hash = location.hash;
        if (hash) {
            var url = hash.substring(1);
            location.href = url;
        }
    </script>
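The reflected XSS example above, worked through as an added example that is not part of the original notes: the same query string is placed into a page once as raw markup and once HTML-escaped at output, which is what Django templates do by default for {{ variable }} output. The build_page_* functions and the "You searched for" page text are constructed stand-ins for the test_html view, and html.escape from the standard library stands in for the template engine's escaping.

```python
# Added example, not from the original notes. The page text and function
# names are constructed; html.escape stands in for template auto-escaping.
from html import escape
from urllib.parse import parse_qs, urlsplit

# Request URL from the reflected XSS example in the notes.
URL = "http://127.0.0.1:8000/test_html?t=<script>alert(11)</script>"


def query_value(url, name):
    """Return the first value of query parameter `name`, or '' if absent."""
    values = parse_qs(urlsplit(url).query).get(name, [])
    return values[0] if values else ""


def build_page_unescaped(url):
    """Vulnerable: the query value is pasted into the HTML as markup."""
    return "<p>You searched for: " + query_value(url, "t") + "</p>"


def build_page_escaped(url):
    """Hardened: the value is HTML-escaped at the point of output."""
    value = escape(query_value(url, "t"), quote=True)
    return "<p>You searched for: " + value + "</p>"


def reflects_markup(body, value):
    """True if `value` carries markup characters and appears verbatim in `body`.

    A simple check a test suite can run against a rendered response.
    """
    return any(c in value for c in "<>\"'") and value in body


if __name__ == "__main__":
    payload = query_value(URL, "t")
    for build in (build_page_unescaped, build_page_escaped):
        body = build(URL)
        print(build.__name__, "->", body)
        print("  payload reflected as markup:", reflects_markup(body, payload))
```
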
For documentation, see: https://docs.djangoproject.com/en/2.2/ref/templates/builtins/#built-in-tag-reference
Purpose
Tag syntax
    {% tag %}
    ...
    {% end tag %}
if tag
    {% if conditional expression 1 %}
    ...
    {% elif conditional expression 2 %}
    ...
    {% elif conditional expression 3 %}
    ...
    {% else %}
    ...
    {% endif %}
Boolean operators in the if tag
for tag
Syntax
Built-in variable - forloop
Purpose
Syntax
    {{ variable|filter1:argument1|filter2:argument2 ... }}
Common filters
For documentation, see:
Mark which blocks child templates are allowed to modify
block tag: defined in the parent template, can be overridden in a child template
    {% block block_name %}
    Defines a template block; a child template can redefine it with a block of the same name
    {% endblock block_name %}
Inheritance tag used by the child template
    {% extends 'base.html' %}
The child template overrides a content block of the parent template
    {% block block_name %}
    The child template's content, which replaces the block_name block of the parent template
    {% endblock block_name %}
Override rules
Note
Reference documents
Example of template inheritance:
URL reverse resolution means that, in a view or a template, the name defined in path() is used to look up or compute the corresponding route
Syntax of the path() function
    path('page', views.page_view, name="page_url")
The name keyword argument of path()
The name= keyword in path() gives the URL a unique name; in a template or a view, the URL can be derived from that name
    {% url 'alias' %}
    {% url 'alias' 'argument1' 'argument2' %}
    Example:
    {% url 'pagen' '400' %}
    {% url 'person' age='18' name='gxn' %}

    from django.urls import reverse
    reverse('alias', args=[], kwargs={})
    # Example:
    print(reverse('pagen', args=[300]))
    print(reverse('person', kwargs={'name': 'xixi', 'age': 18}))
The most suitable route is chosen (the one whose parameters match); when several match on parameters, the last one is chosen.