Sunday, December 12, 2010

Google App Engine: Simple Guest Book v1.1


Simple Guest Book v1.1




A simple guest book.

Protection against HTML/JavaScript injection is implemented.

Demo URL: angel10330.appspot.com


File structure:
./app.yaml
./index.yaml
./favicon.ico
./main.py
./router.py
./main.html
./err.html





app.yaml
application: angel10330
version: 1
api_version: 1
runtime: python

handlers:
#- url: /
# script: main.py
#
- url: /err\.html
  static_files: err.html
  upload: err.html
- url: /.*
  script: main.py #router.py



main.py
#!/usr/bin/env python
#
# Copyright 2007 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
import cgi
import wsgiref.handlers
from google.appengine.ext import db
from google.appengine.ext import webapp
from google.appengine.ext.webapp import template
#from google.appengine.ext.webapp import util

class Shout(db.Model):
  message = db.StringProperty(required=True)
  when = db.DateTimeProperty(auto_now_add=True)
  who = db.StringProperty()

class MainHandler(webapp.RequestHandler):
  def get(self):
    shouts = db.GqlQuery('SELECT * FROM Shout ORDER BY when DESC')
    #
    values = {'shouts': shouts}
    #self.response.out.write('Hello!!')
    #self.response.out.write(template.render('main.html', {}))
    self.response.out.write(template.render('main.html', values))
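  def post(self):
    # Python 2 cgi.escape() replaces &, < and > (not quotes) before the values are stored.
    shout = Shout(
      message=cgi.escape(self.request.get(
        'message')),
      # request.get() returns '' for a missing field; store None so the
      # template's "Anonymous" branch can match.
      who=cgi.escape(self.request.get(
        'who')) or None)
    shout.put()
    #self.response.out.write('posted!')
    self.redirect('/')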

def main():
  # debug=True makes webapp print tracebacks in the response; use False for a public deployment.
  app = webapp.WSGIApplication([(r'.*', MainHandler)],
                               debug=True)
  #util.run_wsgi_app(application)
  wsgiref.handlers.CGIHandler().run(app)

if __name__ == '__main__':
  main()
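
What the `cgi.escape` call in `post()` does and does not cover, as an added example that is not part of the original post. It is written for Python 3, where `html.escape(value, quote=False)` makes the same three replacements (&, <, >) as Python 2's `cgi.escape(value)`. The attribute-context renderer, the helper names and the sample inputs are assumptions constructed for the illustration; the visible part of main.html only places values in element content.

```python
import html
from html.parser import HTMLParser

def escape_like_main_py(value):
    # Same three replacements (&, <, >) as Python 2 cgi.escape(value).
    return html.escape(value, quote=False)

def escape_attr(value):
    # Also escapes " and ', which is what an attribute value needs.
    return html.escape(value, quote=True)

class _Tags(HTMLParser):
    """Collects (tag, attrs) pairs to show how the markup is parsed."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def parsed_tags(markup):
    parser = _Tags()
    parser.feed(markup)
    parser.close()
    return parser.tags

def render_body(value):
    # Element content, the context main.html uses for {{shout.message}}.
    return "<p>%s</p>" % escape_like_main_py(value)

def render_attr(value, escape=escape_like_main_py):
    # Hypothetical attribute context (not taken from main.html).
    return '<input name="who" value="%s">' % escape(value)

# Constructed sample inputs.
MARKUP_INPUT = "<b>hi</b> & bye"
QUOTE_INPUT = 'x" title="added'

if __name__ == "__main__":
    # Element content: the submitted tags are rendered as text.
    print(render_body(MARKUP_INPUT))
    # Attribute value, quotes left alone: the input adds its own attribute.
    print(parsed_tags(render_attr(QUOTE_INPUT)))
    # Attribute value, quotes escaped: the input stays inside value="...".
    print(parsed_tags(render_attr(QUOTE_INPUT, escape_attr)))
```
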



router.py
#!/usr/bin/env python
#

#from google.appengine.ext import webapp
#from google.appengine.ext.webapp import util
from google.appengine.api import urlfetch

#class MainHandler(webapp.RequestHandler):
# def get(self):
# self.response.out.write('router.')


def main():
  print '[router]\n'
  #result = urlfetch.fetch(url)

if __name__ == '__main__':
  main()




main.html

Hello word


Very Simple Message v1.1


Author: Angel







From:


Messages:








{% for shout in shouts %}

  {{shout.message}}
    from
  {% ifequal shout.who None %}
    Anonymous
  {% else %}
    {{shout.who}}
  {% endifequal %}

{% endfor %}



err.html
error!






test

1 comment: