Book Image

Django Design Patterns and Best Practices

By : Arun Ravindran
Book Image

Django Design Patterns and Best Practices

By: Arun Ravindran

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Django Design Patterns and Best Practices
Arun Ravindran
Mar, 2015 | 222 pages
No titles found
Table of Contents (19 chapters)
Django Design Patterns and Best Practices
Django Design Patterns and Best Practices
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Django and Patterns
Django and Patterns
Why Django?
The story of Django
What is a Pattern?
Patterns in this book
Best practices
Summary
2
Application Design
Application Design
How to gather requirements
Are you a story teller?
HTML mockups
Designing the application
Before starting the project
SuperBook – your mission, should you choose to accept it
Summary
3
Models
Models
M is bigger than V and C
The model hunt
Structural patterns
Retrieval patterns
Migrations
Summary
4
Views and URLs
Views and URLs
A view from the top
Class-based generic views
View mixins
Decorators
View patterns
Designing URLs
Summary
5
Templates
Templates
Understanding Django's template language features
Organizing templates
Using Bootstrap
Template patterns
Summary
6
Admin Interface
Admin Interface
Using the admin interface
Enhancing models for the admin
Admin interface customizations
Protecting the admin
Summary
7
Forms
Forms
How forms work
Displaying forms
Understanding CSRF
Form processing with Class-based views
Form patterns
Summary
8
Dealing with Legacy Code
Dealing with Legacy Code
Finding the Django version
Where are the files? This is not PHP
Starting with urls.py
Jumping around the code
Understanding the code base
Incremental change or a full rewrite?
Write tests before making any changes
Legacy databases
Summary
9
Testing and Debugging
Testing and Debugging
Why write tests?
Test-driven development
Writing a test case
Mocking
Pattern – test fixtures and factories
Learning more about testing
Debugging
The print function
Logging
The Django Debug Toolbar
The Python debugger pdb
Other debuggers
Debugging Django templates
Summary
10
Security
Security
Cross-site scripting (XSS)
A handy security checklist
Summary
11
Production-ready
Production-ready
Production environment
Hosting
Deployment tools
Monitoring
Performance
Summary
Python 2 versus Python 3
Python 2 versus Python 3
But I still use Python 2.7!
Python 3
Further information
Index
Index

Cross-site scripting (XSS)

Cross-site scripting (XSS), considered the most prevalent web application security flaw today, enables an attacker to execute his malicious scripts (usually JavaScript) on web pages viewed by users. Typically, the server is tricked into serving their malicious content along with the trusted content.

How does a malicious piece of code reach the server? The common means of entering external data into a website are as follows:

  • Form fields

  • URLs

  • Redirects

  • External scripts such as Ads or Analytics

None of these can be entirely avoided. The real problem is when outside data gets used without being validated or sanitized (as shown in the following screenshot). Never trust outside data:

For example, let's take a look at a piece of vulnerable code, and how an XSS attack can be performed on it. It is strongly advised not to use this code in any form:

class XSSDemoView(View):
    def get(self, request):

        # WARNING: This code is insecure and prone to XSS attacks
        #...
Previous Section
End of Section 2
Next Section