Django community: Community blog posts RSS
This page, updated regularly, aggregates Community blog posts from the Django community.
-
Django: A version of json_script for pre-serialized JSON strings
Django’s json_script template filter is a convenient and safe way to pass a larger amount of data to JavaScript. I covered it in my post last year How to Safely Pass Data to JavaScript in a Django Template. I found an interesting use case for json_script in my client Silvr’s project. The view had a pandas DataFrame that needed passing through the template to a chart-drawing JavaScript function. The default json_script wouldn’t work with pandas’ JSON output, so I created a custom version. pandas provides DataFrame.to_json() for converting a DataFrame to a JSON string. This method is convenient but its output is still not safe against HTML injection—it needs the escaping that json_script performs. But json_script only accepts an object to turn into a JSON string, and then escape - it cannot operate on a pre-serialized JSON string. You could add the escaping with a chain of: (1) DataFrame.to_json to convert to a JSON string; (2) json.loads() to unserialize the result; (3) json_script on the result, to re-serialize and escape the result. But the repeated serialization is wasteful and would take non-negligible time with large data. Rather than do that, I made a custom template filter that was a modified copy of json_script … -
Weeknotes (2023 week 26)
Releases I released updates to a few of my packages; I have continued converting packages to hatchling and ruff while doing that. New releases in the last two weeks include: django-tree-queries 0.15: Added a new function, .without_tree_fields() to the queryset which can be used to avoid the .with_tree_fields(False) boolean trap warning. feincms3-cookiecontrol 1.3.1: This small update allows replacing the feincms3 noembed.com oEmbed code using other libraries such as micawber which support a wider range of URLs while still gating the embed behind users’ explicit consent. feincms3-downloads 0.5.3: Updated translations. django-ckeditor 6.6.1: Updated the bundled CKEditor 4 and merged a pull request adding better integration with Django admin’s dark mode. django-js-asset 2.1: Just basic maintainability and packaging updates. The JS() implementation itself is untouched since February 2022. html-sanitizer 2.0: Not really a backwards incompatible change (at least not according to the tests); I just wanted to avoid 1.10 and go directly to 2.0 this time. GitHub projects We are using GitHub project boards more and more. It definitely isn’t the most versatile way of managing projects but it sort-of hits the sweet spot for us. [I’m mostly happy with it, and it seems to me that applying the … -
Django News - Wagtail Roadmap - Jun 30th 2023
News Introducing the Wagtail Roadmap Curious what's next for Wagtail? There's a roadmap for that. wagtail.org Deprecation of bdist_egg uploads to PyPI PyPI will stop accepting .egg uploads starting August 1, 2023. If you maintain any packages on PyPI, you'll want to know this. pypi.org Updates to Django From Django Review and Triage Team Member Sarah Boyce... Last week we had 10 pull requests merged into Django by 8 different contributors - including 1 first time contributor! Congratulations to Yaser Amiri for having their first commit merged into Django - welcome on board! Now, from Django 5.0, @sensitive_variables and @sensitive_post_parameters support async functions! Are you excited to contribute but don't know where to start? Maybe you're interested in migrations? You could add logging of applied/unapplied migrations #24800 and then you'd be perfect to add contributor documentation for django.db.migrations #24989! Look forward to welcoming you on board! github.com Sponsored Link Learn More About our Django Services At HackSoft, we offer expert Django software development, consultation and support, to help you build robust and scalable software. hacksoft.io Articles COUNTing is hard: A tale of types in SQL and Django The tale of an ORM bug that took several hours … -
Accounts and Email - Building SaaS with Python and Django #164
In this episode, I planned to do the work of sending email prompts for the journal to users. Along the path, we realized that the Account model was missing, so I stopped to build that out before we could proceed. By the end of the stream, we had a working background job that would send email and was 100% unit tested. -
Django News - Bringing Locality of Behavior to Django - Jun 23rd 2023
News The 2023 PSF Board Election is Open! In order to vote in this election, individuals must be a Contributing, Managing, Supporting, or Fellow member as of June 15, 2023, and have confirmed their intention to vote by June 19, 2023. blogspot.com Wagtail 5.0.2 release notes New features and bug fixes in the latest Wagtail version. wagtail.org Announcing Our New Security Developer in Residence! The Python Software Foundation now has a security developer in residence. blogspot.com Updates to Django From Django Review and Triage Team Member Sarah Boyce... Last week we had 13 pull requests merged into Django by 10 different contributors - including 2 first time contributors! Congratulations to Olivier Le Thanh Duong and Ashwin Dharne for having their first commits merged into Django - welcome on board! This time filtering support was added to GIS aggregate functions, and an offset value was added to StepValueValidator! You will be able to use both of these features in 5.0. Do you want to add something into Django 5.0? Why don't you update assertContains and assertInHTML to output a haystack on failure #34657? Look forward to welcoming you on board! github.com Sponsored Link Learn More About our Django … -
First Major Model - Building SaaS with Python and Django #163
In this episode, we got to work on the core modeling for the application. I started by adding some visualization tooling to see the models in the system, then got to modeling of the primary Entry model that will be used throughout the app. Along the way, we set up the Django admin and did some automated testing. -
How to Learn Django (Replay)
Learning Python via Django Considered Harmful; Django Girls Tutorial; Django for Beginners; Install Python3 on Mac/Windows/Linux; awesome-django repo; django-vanilla-views; Classy Class-Based Views site; Django Deployment Checklist. Groups: Django Users Google Group; Stack Overflow; Subreddits: LearningDjango and Django; Django Meetups. SHAMELESS PLUGS: LearnDjango.com; Carlton's website Noumenal -
2023 Python Software Foundation Board Nomination
My self-nomination statement for the 2023 Python Software Foundation (PSF) Board Election -
Python Community News Interview
Interview I gave to the “Python Community News” channel regarding my self-nomination for the 2023 Python Software Foundation (PSF) Board of Directors elections. -
FeinCMS is a dead end (but feincms3 is not)
I wouldn’t encourage people to start new sites with FeinCMS. Five years ago I wrote that FeinCMS is used in a few flagship projects which we’re still actively developing, which means that FeinCMS won’t be going away for years to come. That’s still true but less and less so. We’re actively moving away from FeinCMS where we can, mostly towards feincms3 and django-content-editor. FeinCMS lives on in django-content-editor and feincms3; not only in spirit but also in (code) history, since django-content-editor contains the whole history of FeinCMS up to and including the beginning of 2016. The implementation of FeinCMS is too expensive to clean up without breaking backwards compatibility. I still wish I had pursued an incremental way back then which would have allowed us to evolve old projects to the current best way of doing things (tm), but it didn’t happen and I’m not shedding too many tears about that since I’m quite happy with where we’re at today. That basically means that I won’t put any effort into bringing FeinCMS and django-content-editor closer together. I haven’t spent much time on that anyway but now my mind is made up … -
Python + Upsolver: Simplified Realtime Data Workflows
One of the powerful things about Python is its ability to connect disparate tools into one common integrated development experience. In this talk, we’ll explore how to create and run a near real-time pipeline where we consume events from a Kafka topic and transform the data before landing them in the lake, using Upsolver through our Python SDK. In this way, we get exactly-once processing, strong ordering and automatic schema evolution out of the box thanks to the powerful Upsolver engine, but without having to switch to a different UI and building in SQL only. -
Weeknotes (2023 week 24)
Life happened and I missed a month of weeknotes. Oh well. django-debug-toolbar 4.1 We have released django-debug-toolbar 4.1. Another cycle where I mostly contributed reviews and not much else. Feels great :-) Going all in on hatch and hatchling I got to know hatch because django-debug-toolbar was converted to it. I was confused as probably anyone else with the new state of packaging in Python world. After listening to a few Podcasts (for example Hatch: A Modern Python Workflow) I did bite the bullet and started converting projects to hatch as mentioned some time ago. I have converted a few other projects in the meantime because the development experience is nicer. Not much, but enough to make it worthwhile. feincms3-sites is the latest package I converted. CKEditor 5’s new license and django-ckeditor The pressure is on to maybe switch away from CKEditor 4 since it probably will not be supported after June 2023. It’s totally understandable that the CKEditor 5 license isn’t the same as before, but I’m not sure what that means for the Django integration django-ckeditor which I’m maintaining since a few years. I don’t actually like the new capabilities of CKEditor all that much … -
Django News - Python 3.7 to 3.12 updates - Jun 16th 2023
News New Python 3.7 to 3.11 releases and 3.12.0 beta 2 are now available Another combined release of six separate versions of Python including 3.12.0 beta 2! blogspot.com PEP 703: Making the Global Interpreter Lock Optional (3.12 updates) A very informed discussion on PEP 703 to make the Python GIL optional. python.org Migrate your project to .readthedocs.yaml configuration file v2 An important deprecation announcement from ReadTheDocs: a .readthedocs.yml file will soon be required configuration on all projects. readthedocs.com Django Software Foundation Django Software Foundation June meeting minutes Meeting minutes for DSF Board monthly meeting, June 8, 2023. djangoproject.com Updates to Django Courtesy of Django Review and Triage Team Member Sarah Boyce... Last week we had 16 pull requests merged into Django by 11 different contributors - including 3 first time contributors! Congratulations to XDEv11, EBIBO, and Howard Cox for having their first commits merged into Django - welcome on board! This time there were even more accessibility improvements to the Django admin! For example, active row highlighting was added when in forced color mode. Did you know about forced color mode? I didn't! Love learning about how to make the web more accessible. github.com Sponsored Link Ready … -
Django: A security improvement coming to format_html()
Can you spot the problem with this Django snippet?

    from django.utils.html import format_html

    def user_snippet(user):
        return format_html(f"<em>{user.name}</em>")

Well, the problem is that format_html() is passed an already-templated string! Its escaping ability is not being used. If the user name contains HTML, it will be injected into the final output:

    In [2]: user_snippet(User(name="<script>Bobby Tables</script>"))
    Out[2]: '<em><script>Bobby Tables</script></em>'

Oh no! This is known as an XSS (cross-site-scripting) vulnerability. format_html() exists to protect against XSS, when used correctly. Here’s the correct way to use it:

    from django.utils.html import format_html

    def user_snippet(user):
        return format_html("<em>{}</em>", user.name)

format_html() is passed the HTML template and the variables to add into it. It safely escapes any HTML characters in the variables. I’ve seen plenty of the misuse shown in the first pattern, with f-strings, str.format(), and %-formatting. It seems like an easy mistake to make, even an “attractive nuisance”. Two weeks ago, whilst at DjangoCon Europe, I proposed that Django deprecate the ability for format_html() calls without any arguments in Ticket #34609. The ticket was quickly accepted and Bhuvnesh Sharma picked it up and wrote the patch. Mariusz Felisiak reviewed and merged it in commit 094b0bea2c. Thanks both! Starting from Django 5.0, there’ll be a warning if you … -
CSS variables and immutability
Using CSS variables to ship customizable CSS in Django apps I have been working with SASS for a long time but have been moving towards writing CSS with a few PostCSS goodies in the last years. At first, I just replaced the $... with var(--...) and didn’t think much about it. The realization that CSS variables can be more than that came later. Edit basic values directly in the browser and immediately see the results! Change CSS depending on media queries or the cascade! With all that power came back the wish to not just ship backend and HTML code in Django apps I (help) maintain but also reusable CSS, with a few overrideable CSS variables for basic changes to the visual style. Loading .scss files from somewhere inside venv/lib/python3.11/site-packages/<package>/styles/ would of course have been possible, but very obscure. Also, not everyone puts their virtualenv at venv, the README instructions for those packages would quickly have become unwieldy. CSS variables paved the way for shipping CSS as a Django static file while still allowing customizability by leveraging the functionality of the browser itself instead of the frontend build toolchain. Patterns for overrideable values A pattern for defining defaults for CSS … -
Django QuerySets Tutorial
A [Django Queryset](https://docs.djangoproject.com/en/dev/ref/models/querysets/) is a collection of (SQL) [queries](https://docs.djangoproject.com/en/4.2/topics/db/queries/) from the database. It is a way to filter and order data that is then presented to the user, typically in … -
Django News - Django bugfix release 4.2.2 - Jun 9th 2023
News Django bugfix release: 4.2.2 Features 11 new bugfixes. See the complete notes for more. djangoproject.com Official Django Merchandise Did you know there is an official Django merchandise store? Represent Django in your community with a t-shirt, sweatshirt, hoody, or baby gear. All proceeds are donated to the Django Software Foundation. threadless.com “Boost Your Git DX” available in early access This is the latest book from Adam Johnson, a member of the Django 5.x Steering Council. His past books include Speed Up Your Django Tests and Boost Your Django DX. adamj.eu Updates to Django Django PRs this week Courtesy of Django Review and Triage Team Member Sarah Boyce... On the week starting May 29th, we had 11 pull requests merged into Django by 10 different contributors - including 5 first time contributors! Congratulations to Kacper Wolkiewicz, Christopher Cave-Ayland, AP Jama, Cheuk Ting Ho and Nina Menezes for having their first commits merged into Django - welcome on board! Included in this week were some accessibility improvements to the Django admin including enabling user zooming on mobile and adding icon descriptions in "Recent Actions" into 5.0. Big thank you to our accessibility team for helping our new contributors at the sprints! … -
Finish Signup and CI - Building SaaS with Python and Django #162
In this episode, I continued on the signup flows that started in the previous stream. We configured the email backend and verified that the end to end signup flow worked. Then I set up the templates system and added the initial templates for the confirmation email and the index view of the whole site. The stream ended with configuring test coverage and setting up CI with GitHub Actions and pre-commit.ci. -
Django Co-Creator - Simon Willison (Ep 21 Replay)
Simon Willison’s Weblog; Datasette; Now by Zeit; Google Cloud Run; sqljs.org; Brython - Python 3 in the browser; Squoosh - Image Compression; Observable; Simon Willison PyCon 2019 - Instant serverless APIs, powered by SQLite; asgi-cors. SHAMELESS PLUGS: LearnDjango.com; Carlton's website Noumenal; Django News Newsletter -
Django News - djangoproject.com website redesign! - Jun 2nd 2023
News Help us make the djangoproject.com website better The 20tab agency is currently engaged in a pro-bono redesign of the djangoproject.com website. Please fill out this short survey to help. google.com Thinking about running for the Python Software Foundation Board of Directors? Let’s talk! This year’s Board Election Nomination period is open. Current board members want to share what being on the board is like and are making themselves available to answer all your questions about responsibilities, activities, and time commitments via online chat. blogspot.com Enforcement of 2FA for upload.pypi.org began June 1st, 2023 PyPI now requires all uploads from accounts with 2FA enabled to use an API token or Trusted Publisher configuration. pypi.org PEP 594 has been implemented: Python 3.13 removes 20 stdlib modules Python 3.13 removes 20 stdlib modules and Python 3.12 removed 5 stdlib modules. Check out this forum post to see what modules were removed. python.org PEP 658 is now live on PyPI - Packaging Wheels uploaded to PyPI will have their METADATA files served alongside them on files.pythonhosted.org, and the appropriate information served in the Simple API to determine if the file is available. python.org Updates to Django Django PRs this week We're … -
New SaaS Signup - Building SaaS with Python and Django #161
In this episode, we dug into the first portion of the journey SaaS. I acquired the domain name of journeyinbox.com for this service. That service is not live yet. We started at the beginning to set up users and sign up features. -
Frequently Asked Questions about Django
What is Django? Django is a Python web framework that takes care of the difficult parts of web development--authentication, database connection, CRUD (Create, Read, Update, Delete) operations, URL routing, … -
Django News - DjangoCon Europe in Edinburgh starts Monday! - May 26th 2023
News DjangoBook.com This classic domain--first used to host a free book on Django written by Adrian Holovaty and Jacob Kaplan-Moss--is now a community guide to current books on Django. djangobook.com Python 3.12.0 beta 1 released Python 3.12 is still in development. This release, 3.12.0b1, is the first of four planned beta release previews of 3.12. blogspot.com python2.7 will be removed from the python-versions on June 19 GitHub is dropping platform support (actions/setup-python) for Python 2.7 on June 19th. Python2.7 was officially sunset on January 1, 2020. github.com PyPI was subpoenaed The PSF received three subpoenas from the US Department of Justice for PyPI user data in March and April of 2023. In additional news, PGP signatures will be removed from PyPI going forward. pypi.org Django Feeds A valuable resource on Django tutorials in video, podcast, and book format. djangofeeds.com Updates to Django Django PRs May 14th - 22nd We're trying out a new category, curated by Sarah Boyce, highlighting contributions to the Django codebase. On the week starting May 15th, we had 10 pull requests merged into Django by 8 different contributors - including 3 first time contributors! Congratulations to Julie Rymer, Dingning and Rajeesh Punathil for having their … -
PyGrunn 2023: your API on-the-fly - Jan Murre
(One of my summaries of the May 2023 Dutch PyGrunn conference). API on the fly? The talk is about autogenerating APIs using "Amsterdam Schema". Jan works for datapunt Amsterdam, a project for being transparent as the city of Amsterdam. Your citizens pay taxes, so they have a right to access the open data that the municipality maintains. They have API projects for many datasets. Like "BAG", the official building database. Or a list of the power sockets for the weekly markets. Lots of geographical information. They use postgres, docker containers, ubuntu, python + django + djangorestframework. Developed specifically for this project: django gisserver. DSO, digitaal stelsel omgevingswet, is a Dutch API specification for this kind of data. The various sorts of data are all specified in a json format that they call Amsterdam Schema. All data sets are available as geographical layers. They have a custom django management command (import_schemas --create-tables) to read such a json schema file and create the empty tables in the database. He demonstrated (live) how it works. The data was in the database and a nice swagger-like page was shown in the website with the option to browse the REST API. There's even support for …