XML in Web2py

XML in Web2py

Web2py is a free online framework for agile development that includes database-driven web applications and is built in Python and programmable in Python. It is a full-stack framework that provides everything a developer needs to create a fully working online application.

XML is a type of object that is used to encapsulate unescaped content. Valid XML may or may not be present in the text. JavaScript, for example.

For example:

>>> print DIV("<b>hello</b>")
<div>&lt;b&gt;hello&lt;/b&gt;</div>

The text in the above example is escaped, and to prevent it from getting escaped, we can modify the above code by using XML as:

>>> print DIV(XML("<b>hello</b>"))
<div><b>hello</b></div>

If you want the XML to be humanly readable on an HTML page, simply do the following:

{{=my_xml_string}}

When displayed as HTML, the XML markup will be escaped so it may be viewed.

If you want the raw XML put into the view (without escaping), use the following syntax:

{{=XML(my_xml_string)}}

Rendering HTML Stored in a Variable

You may want to render HTML saved in a variable at times. However, the HTML may contain hazardous tags like scripts:

For example:

>>> print XML('<script>alert("unsafe!")</script>')
<script>alert("unsafe!")</script>

Unescaped executable input like in the above code is dangerous because it may be used to launch Cross-Site Scripting (XSS) attacks on other website users.

The web2py XML helper may sanitise our content to avoid injections and escape any tags other than those specifically permitted. Here's an illustration:

>>> print XML('<script>alert("unsafe!")</script>', sanitize=True)
&lt;script&gt;alert(&quot;unsafe!&quot;)&lt;/script&gt;

Overriding Default Constructors

By default, the XML builders consider the content of some tags and some of their attributes safe. The optional permitted tags and allowed attribute parameters can be used to alter the defaults. The following are the default values for the XML helper's optional parameters.

For example:

XML(text, sanitize=False,
    permitted_tags=['a', 'b', 'blockquote', 'br/', 'i', 'li',
       'ol', 'ul', 'p', 'cite', 'code', 'pre', 'img/'],
    allowed_attributes={'a':['href', 'title'],
       'img':['src', 'alt'], 'blockquote':['type']})

Frequently Asked Questions

What is XML in Web2py?

XML is an entity that is used to encapsulate unescaped content. The text might include valid XML or not. It might, for example, have JavaScript.

What is Falcon API?

Falcon is a lightning-quick, lightweight Python web API framework for creating reliable app backends and microservices. The framework performs admirably with gevent/meinheld and asyncio (ASGI) (WSGI).

What is the web2py framework?

Web2py, written in Python and programmable in Python, is described as a free, open-source online framework for agile development that involves database-driven web applications.

Is web2py an MVC framework?

The Ruby on Rails and Django frameworks informed the creation of web2py. Web2py, like similar frameworks, emphasises rapid development, prefers convention over configuration, and adheres to the model-view-controller (MVC) architectural paradigm.

Which is better, web2py or Django?

Due to its smaller size, more straightforward learning curve, and lack of project-level configuration files, web2py differs from Django. Compared to PHP-based frameworks and Java-based frameworks, web2py has a significantly more explicit syntax.

Conclusion

In this article, we have extensively discussed the XML in Web2py and Web Frameworks. 

Do you not feel eager to read/explore additional information on the subject of Web2py after reading about the XML in Web2py? See the Web2py, Web2Py init,  Application creation, Web2Py Installation, and Troubleshooting to learn more.

Nevertheless, you may consider our paid courses to give your career an edge over others!

Do upvote our blogs if you find them helpful and engaging!

Happy Learning!