我应该担心Python模板引擎和Web框架吗? [英] What should I worry about Python template engines and web frameworks?

问题描述

我是C#和ASP.NET MVC开发人员.我已经完成了一些Python控制台应用程序，但是我是第一次将Python用于Web应用程序.我读了很多关于Python服务器和模板引擎的文章.

I am a C# and ASP.NET MVC developer. I've completed some Python console applications but I am new to use Python for web applications. I read a lot about Python servers and template engines.

但我担心:

• 哪些模板引擎适合哪种Python服务器/Python Web框架?还是应该适合?
• 模板引擎中是否存在安全性问题?或者我可以选择任何喜欢语法的人.
• 任何模板引擎都可以将数据(我的模型，orm模型)与控制器及其自身集成吗?这种集成会引起任何安全性，内存问题吗?
• 将Python 2.x或3.x用于任何模板引擎是否重要?

• Which template engines suit which Python server/ Python web framework ? or should suit?
• Can be there security issues in template engines? or can I pick anyone that I like syntax.
• Can any template engine, integrate data (my models, orm models) with controller and itself? Can this integration cause any security, memory issue ?
• Does it matter to use Python 2.x or 3.x for any template engine ?

我知道有jinja2，pytenjin (似乎非常快)， pyrazor . 我已经尝试了所有，由于我的ASP.NET MVC背景，我对pyRazor感到非常满意.

I know there are jinja2, pytenjin (seems very fast), pyrazor. I've tried all and I feel very comfortable with pyRazor because of my ASP.NET MVC background.

还有我担心的最后问题:

and final questions after my worries :

• 我应该使用哪个模板引擎?
• 什么是开始使用Tornado进行开发的最佳开发环境(python Web框架，模板引擎)?

我知道我问了很多问题，但是在投入实际项目的开发之前，我必须要小心.

I know I've asked so many question but I have to be careful before I dive in to development for real projects.

编辑评论:好的，我觉得我需要更加明确地寻找自己想要的内容.正如许多开发人员在python Web编程中所需要的(至少来自其他平台)一样，我需要弄清楚我拥有哪些开发选项. (IDE，模板引擎，Web服务器等)，以及如何以适当的方式将它们组合在一起以减少开发时间并提高生产率而又不破坏安全性.

Edit regarding comments : Ok, I feel I need to be more specific about what I am looking for. As many developers need in python web programming (at least coming from other platforms) , I need to figure out which development options I have. ( IDE , template engines, web servers, etc. ) And how to combine them in a proper way to decrease development time and increase productivity without breaking security.

更新1:我认为我们来自VS和ASP.NET领域的开发人员已经习惯了将所有组件都准备好用于开发.由于项目需求而使用另一种技术时. ，我们(至少是我)变得偏执，因为我们需要使所有人和谐相处.对于.NET项目，显然要使用IIS，.NET和VS(具有所有高级功能).

Update 1 : I think we, the developers from VS and ASP.NET world , get used to having all in a box ready for developments.When it comes to use another technology because of project needs , we (at least I) get paranoid.Because we need to put all in a harmony. It's obvious to use IIS , .NET and VS ( with all advanced features) for .NET projects.

好吧，经过如此多的搜索和调查，我决定将PyCharm用作Django的IDE.我希望有一天PyCharm将以web2py的方式支持Django.

Well, After so many search and investigation , I've decided to use PyCharm as an IDE with Django.I wish someday PyCharm will support web2py as the way they support Django.

好吧，服务器呢?我会让nginx或切诺基为我工作.

Ok , what about the server ? I will let the nginx or cherokee work for me.

好的，模板引擎呢?我将使用默认的Django模板引擎.(我不太喜欢pyRazor)，但是这样可以更轻松地找到帮助或请求更多功能.在以后的阶段，我可以再次尝试jinja2(在PyCharm中，您可以更改要在Django中使用的模板引擎.

Ok , what about template engine ? I will use default Django template engine.( I don't like as much as I like pyRazor) But this way will be more easy to find help or request more feature.On later stages , I can try again jinja2 (In PyCharm you can change the template engine to use in Django).

推荐答案

没有最终的模板引擎或网络框架.例如.我喜欢烧瓶，Jinja2和 SQLAlchemy .其他人更喜欢 Django ，它带有ORM和模板引擎.其他人更喜欢 mako (也是模板引擎).尝试一下，找出最喜欢的东西.

There is no ultimate template engine or web-framework. E.g. I like the combination of flask, Jinja2 and SQLAlchemy. Others prefer Django, which brings an ORM and template engine. Others prefer mako (also a template engine). Just try them and find out what you like most.

当然，模板中可能存在安全性问题，例如 XSS攻击，但这不太可能，Jinja2例如默认情况下会启用自动转义，因此您可以放入任何内容，它将自动转义.

Of course there can be security issues in your templates, e.g. XSS Attacks, but that's unlikely, Jinja2 has e.g. autoescaping enabled by default, so you can throw in whatever you want and it will escape it automatically.

是的，您可以将ORM模型与模板引擎集成在一起(可以将db-instance和模型传递给模板)，但是我不会这样做，因为这样做更容易.如果您将其集成，就不会有更多的安全性/内存问题，就像您将在常规"代码中进行处理一样.

Yes you can integrate your ORM Models with template engines (you can pass the db-instance and models to the template), but I wouldn't do it, just because it's easier to do in your route. If you integrate it, there aren't more security/memory issues as if you would do it in your "normal" code.

Python版本无关紧要(只要引擎支持它即可)，但是我会使用Python 2.7，因为它带来了Python 3的一些很酷的功能，并且拥有更多可用的库(并非所有内容都移植到了Python) 3个.)

The Python version doesn't matter (as long as the engine supports it), but I would use Python 2.7, because it brings some cool features of Python 3 and it has way more libraries available (not everything is ported to Python 3 yet).

这篇关于我应该担心Python模板引擎和Web框架吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！