Simple Guest Book v1.1
簡易的留言板
已做 防 HTML JavaScript injection
Demo URL: angel10330.appspot.com
檔案結構:
./app.yaml
./index.yaml
./favicon.ico
./main.py
./router.py
./main.html
./err.html
app.yaml
application: angel10330
version: 1
api_version: 1
runtime: python
handlers:
#- url: /
# script: main.py
#
- url: /err\.html
static_files: err.html
upload: err.html
- url: /.*
script: main.py #router.py
main.py
#!/usr/bin/env python
#
# Copyright 2007 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
import cgi
import wsgiref.handlers
from google.appengine.ext import db
from google.appengine.ext import webapp
from google.appengine.ext.webapp import template
#from google.appengine.ext.webapp import util
class Shout(db.Model):
message = db.StringProperty(required=True)
when = db.DateTimeProperty(auto_now_add=True)
who = db.StringProperty()
class MainHandler(webapp.RequestHandler):
def get(self):
shouts = db.GqlQuery('SELECT * FROM Shout ORDER BY when DESC')
#
values = {'shouts': shouts}
#self.response.out.write('Hello!!')
#self.response.out.write(template.render('main.html', {}))
self.response.out.write(template.render('main.html', values))
def post(self):
shout = Shout(
message=cgi.escape(self.request.get(
'message')),
who=cgi.escape(self.request.get(
'who')))
shout.put()
#self.response.out.write('posted!')
self.redirect('/')
def main():
app = webapp.WSGIApplication([(r'.*', MainHandler)],
debug=True)
#util.run_wsgi_app(application)
wsgiref.handlers.CGIHandler().run(app)
if __name__ == '__main__':
main()
router.py
#!/usr/bin/env python
#
#from google.appengine.ext import webapp
#from google.appengine.ext.webapp import util
from google.appengine.api import urlfetch
#class MainHandler(webapp.RequestHandler):
# def get(self):
# self.response.out.write('router.')
def main():
print '[router]\n'
#result = urlfetch.fetch(url)
if __name__ == '__main__':
main()
main.html
Hello word
Very Simple Message v1.1
Author: Angel
{% for shout in shouts %}
{{shout.message}}
from
{% ifequal shout.who None %}
Anonymous
{% else %}
{{shout.who}}
{% endifequal %}
{% endfor%}
err.html
error!
test
test
回覆刪除