Mastering Django: Core

Mastering Django: Core

By : Nigel George

Buy this Book

Mastering Django: Core

By: Nigel George

Buy this Book

Overview of this book

Mastering Django: Core is a completely revised and updated version of the original Django Book, written by Adrian Holovaty and Jacob Kaplan-Moss - the creators of Django. The main goal of this book is to make you a Django expert. By reading this book, you’ll learn the skills needed to develop powerful websites quickly, with code that is clean and easy to maintain. This book is also a programmer’s manual that provides complete coverage of the current Long Term Support (LTS) version of Django. For developers creating applications for commercial and business critical deployments, Mastering Django: Core provides a complete, up-to-date resource for Django 1.8LTS with a stable code-base, security fixes and support out to 2018.

Mastering Django: Core

Credits

About the Author

www.PacktPub.com

Preface

Free Chapter

Introduction to Django and Getting Started

Introducing Django

What's next?

Views and URLconfs

Your first Django-powered page: Hello World

Your second view: dynamic content

URLconfs and loose coupling

Your third view: dynamic URLs

Django's pretty error pages

What's next?

Templates

Template system basics

Using the template system

Dictionaries and contexts

Basic template-tags and filters

Philosophies and limitations

Using templates in views

Template loading

render()

Template subdirectories

The include template tag

Template inheritance

What's next?

Models

The "dumb" way to do database queries in views

Configuring the database

Your first app

Defining Models in Python

Basic data access

What's next?

The Django Admin Site

Using the admin site

Adding your models to the admin site

Making fields optional

Customizing field labels

Custom model admin classes

Users, groups, and permissions

When and why to use the admin interface-and when not to

What's next?

Forms

Getting data from the Request Object

A simple form-handling example

Improving our simple form-handling example

Simple validation

Making a contact form

Tying form objects into views

Changing how fields are rendered

Setting a maximum length

Setting initial values

Custom validation rules

Specifying labels

Customizing form design

What's next?

Advanced Views and URLconfs

URLconf Tips and Tricks

Performance

Error handling

Including other URLconfs

Passing extra options to view functions

Reverse resolution of URLs

Naming URL patterns

URL namespaces

What's next?

Advanced Templates

Template language review

Requestcontext and context processors

Guidelines for writing our own context processors

Automatic HTML escaping

Inside Template loading

Extending the template system

Custom template tags and filters

Advanced custom template tags

Advanced Models

Executing raw SQL queries

Performing raw queries

Executing custom SQL directly

What's next?

Generic Views

Generic views of objects

Making "friendly" template contexts

Adding extra context

Viewing subsets of objects

Dynamic filtering

Performing extra work

What's next?

User Authentication in Django

Overview

Using the Django authentication system

User objects

Permissions and authorization

Authentication in web requests

Authentication views

Authenticating data in templates

Managing users in the admin

Password management in Django

Customizing authentication in Django

Custom permissions

Extending the existing user model

Substituting a custom user model

What's next?

Testing in Django

Introduction to testing

Introducing automated testing

Basic testing strategies

Using different testing frameworks

What's next?

Deploying Django

Preparing your codebase for production

Critical settings

Environment-specific settings

HTTPS

Performance optimizations

Error reporting

Using a virtualenv

Using different settings for production

Deploying Django to a production server

Deploying Django with Apache and mod_wsgi

Serving static files in production

Scaling

Performance tuning

What's next?

Generating Non-HTML Content

The basics: views and MIME types

Producing CSV

Using the template system

Other text-based formats

The syndication feed framework

The high-level framework

The low-level framework

The Sitemap framework

What's next?

Django Sessions

Enabling sessions

Configuring the session engine

Using Sessions in Views

Session object guidelines

Session serialization

Setting test cookies

Using sessions out of views

When sessions are saved

Browser-length sessions vs. persistent sessions

Clearing the session store

What's next

Djangos Cache Framework

Setting up the cache

The per-site cache

The per-view cache

Template fragment caching

The low-level cache API

Downstream caches

Using vary headers

Controlling cache: using other headers

What's next?

Django Middleware

Activating middleware

Hooks and application order

Writing your own middleware

Internationalization

Internationalization: in Python code

Internationalization: In template code

Internationalization: In Javascript code

Internationalization: In URL patterns

Localization: How to create language files

Explicitly setting the active language

Using translations outside views and templates

Implementation notes

What's next?

Security in Django

Django's built in security features

Additional security tips

More on Installing Django

Running other databases

Installing Django manually

Upgrading Django

Installing a Distribution-specific package

Installing the development version

What's next?

Advanced Database Management

Using a 3rd-Party database backend

Integrating Django with a legacy database

What's next?

Model Definition Reference

Fields

Universal field options

Field attribute reference

Relationships

Model metadata options

Database API Reference

Creating objects

Saving changes to objects

Retrieving objects

Complex lookups with Q objects

Comparing objects

Deleting objects

Copying model instances

Updating multiple objects at once

Related objects

Falling back to raw SQL

Generic View Reference

Common arguments to generic views

Simple generic views

List/detail generic views

Date-Based Generic Views

Form handling with class-based views

Settings

What's a settings file?

Using settings in Python code

Altering settings at runtime

Security

Creating your own settings

DJANGO_SETTINGS_MODULE

Using settings without setting DJANGO_SETTINGS_MODULE

Available settings

Built-in Template Tags and Filters

Built-in tags

Built-in filters

Internationalization tags and filters

Other tags and filters libraries

Request and Response Objects

StreamingHttpResponse objects

FileResponse objects

Error views

Customizing error views

Developing Django with Visual Studio

Installing Visual Studio

Creating A Django project

Django development in Visual Studio

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Automatic HTML escaping

When generating HTML from templates, there's always a risk that a variable will include characters that affect the resulting HTML. For example, consider this template fragment:

Hello, {{ name }}.

At first, this seems like a harmless way to display a user's name, but consider what would happen if the user entered his name as this:

<script>alert('hello')</script>

With this name value, the template would be rendered as:

Hello, <script>alert('hello')</script>

... which means the browser would pop-up a JavaScript alert box! Similarly, what if the name contained a '<' symbol, like this?

<b>username

That would result in a rendered template like this:

Hello, <b>username

... which, in turn, would result in the remainder of the Web page being bolded! Clearly, user-submitted data shouldn't be trusted blindly and inserted directly into your Web pages, because a malicious user could use this kind of hole to do potentially...

Mastering Django: Core

By : Nigel George

Mastering Django: Core

By: Nigel George

Overview of this book

Related Content you might be interested in

Current Title:

Mastering Django: Core

Automatic HTML escaping