AirspeedTemplate

Description

AirspeedTemplate is a MoinMoin macro for including an airspeed template in a page.

Airspeed is a Python clone of the Velocity template engine.

Download & Release Notes

Download	Release Version	Moin Version	Release Notes
(withdrawn)	1.0	1.8, 1.7	First release
AirspeedTemplate.py	1.1	1.8, 1.7	Bugfix release, fix crash on stand-alone server

Usage

Macro parameters:

template_filename:
- (required) The name of the template file to use. Any directory path portion of this name will be ignored, for security reasons. The files are in the "airspeed_templates" subdirectory of the wiki's plugin directory unless the template_subdir parameter is given.
context_varname:
- (optional) The name of the request attribute containing the context. The context is a dictionary whose values become variables available for use in the template. If this request attribute doesn't exist, only the standard variables and functions are added to the context, otherwise this dictionary is added to the context, replacing any standard variables with the same names. Default: 'template_context'
template_subdir:
- (optional) The name of the subdirectory of the plugins directory in which template files will be found. For security purposes, if this parameter is a directory path, only the last component will be used, and '..' is not allowed. The default is "airspeed_templates".

Standard variables and functions added to the context:

request -- MoinMoin request object. $request.script_name to form URIs
user -- User object for current user. user.name is login name.
session -- MoinMoin session. Use $session.varname to get a session var.
env -- CGI environment variables, i.e. $env.HTTP_USER_AGENT
form -- GET and POST params. i.e. $form.varname
saved_form -- Vars. saved on session by action. See the code.
escape -- Function to replace HTML special characters, i.e. with "<"
urlquote -- Function to quote URL query parameters
len -- Function to return length of list or size of dictionary
getitem -- getitem(mylist, 0) -> first item in list, also for dicts
clear_saved_form -- $!clear_saved_form() deletes saved_form. See the code.

Example

Contents of plugins/action/fruit_action.py:

   1 from MoinMoin.Page import Page
   2     def execute(pagename, request):
   3         request.template_context = {'apples': 5, 'bananas': '<two>'}
   4         return Page(request, pagename).send_page()

Contents of plugins/airspeed_templates/fruit.html:

<b>We have $apples apples and $escape($bananas) bananas.</b>

Source text of FruitStatus wiki page:

Here is the status of our fruit supply:<<BR>>
<<AirspeedTemplate(fruit.html)>>

Result of http://localhost/wiki/FruitStatus?action=fruit_action :

Here is the status of our fruit supply:
We have 5 apples and <2> bananas.

Copyright

License

AirspeedTemplate is released under the Simplified BSD License.

Bugs

Report them here

Discussion

Security

The AirspeedTemplate macro does not allow users to put arbitrary HTML into a page. However, poorly designed templates can still have cross-site scripting bugs anyway. Use the $escape() function in your templates to quote any data that might contain unwanted HTML.

The AirspeedTemplate macro will only use template files found in a sub-directory of your wiki's plugins directory. The name of this sub-directory is configurable with an optional macro parameter (see description above) and defaults to "airspeed_templates".

David Handy 19 Jan 2008

MoinMoin: MacroMarket/AirspeedTemplate (last edited 2009-02-05 23:04:10 by DavidHandy)