In this lesson, you'll learn what templating tools are and how to work with them.
Why do we need templating tools?
First, let's look at this example code:
@app.route('/')
def root():
return 'Main page'
In this example, the handler will respond with the string 'Main Page'. This example is for demonstration purposes, but usually, the browser expects an HTML page. And the page can be tens or hundreds of kilobytes. Now let's try to create HTML this way:
@app.route('/')
def root():
title = 'My super site'
return f'<html><body><h1>{title}</h1></body></html>'
It won't be long before this code becomes unreadable. To work with HTML in frameworks, we use special libraries called templating tools. They work as follows:
- A separate file describes the template in advance
- While the program is running, the template is loaded and converted to HTML
In this case, the template can contain standard HTML tags and special markup. It allows you to substitute values in HTML, display and hide individual fragments by condition, multiply them in a loop, and much more. Here's an example of a template for the popular Jinja templating engine:
{% extends "email-html_base.tmpl" %}
{% block content %}
<p>
{{ msg }}
</p>
<p>
<b>AFFECTED INSTANCES:</b>
</p>
<table class='noborder'>
<tr>
<th>UUID</th><th>IP Address</th><th>Host</th>
</tr>
{% for instance in instances -%}
<tr>
<td>{{ instance.id }}</td>
<td>{{ instance.access_ip_v4 }}</td>
<td>{{ instance.name }}</td>
</tr>
{% endfor %}
</table>
{% endblock %}
When it reads this template, the library substitutes variables and executes logic code every time. It allows you to use the same template to output different pages that differ only in some of their content (most often in the variables you substitute). It's worth noting that we can use many templating tools to form any text, not just HTML.
Security
When you're learning, security is essential when working with HTML forms and templates. If you don't understand the basics of security, you might make a mistake that will lead to fatal consequences for the project. For example, not shielding user data will allow an attacker to launch an XSS attack.
For full access to the course you need a professional subscription.
A professional subscription will give you full access to all Hexlet courses, projects and lifetime access to the theory of lessons learned. You can cancel your subscription at any time.
