Django community: RSS
This page, updated regularly, aggregates Community blog posts from the Django community.
-
Django: Sanitize incoming HTML fragments with nh3
A fairly common situation in a Django project is where you need to store and serve arbitrary HTML fragments. These often come from forms with rich text editors (using HTML’s contenteditable). It’s insecure to trust user-generated HTML fragments since they can contain naughty content like: <script src=https://example.com/evil.js></script> A page containing this content would execute the arbitrary code in evil.js, possibly stealing user details. This technique is a Cross-Site Scripting (XSS) attack. Whilst a strong Content Security Policy can reduce the possible effects of arbitrary content, it’s still best to “sanitize” incoming HTML fragments, allowing only safe content into your database. This way, there’s no chance of future changes allowing XSS attacks through. For years, the Django community has relied on the Bleach package for HTML sanitization, either directly or via django-bleach. But in January this year, Will Kahn-Greene, the Bleach maintainer, announced it was deprecated. This move is due to the underlying HTML parser package, html5lib, going unmaintained. Since 2021, there has been a new package for the task, nh3, created and maintained by Messense Lv. Playing off of “bleach”, it is named after the chemical formula for Ammonia, which is also the name for its underlying HTML parser package. … -
Django Quiz 2023
This evening I held a quiz at the December London Django Meetup Group. The quiz is a regular tradition: this was the fifth quiz that I’ve presented, and the sixth overall. Here it is so you can try it at home - answers are at the bottom. Dates refer to today, the 11th December 2023, so if you’re looking in the future, take that into consideration. Enjoy!
The quiz
1. What is the latest released version of Django? 5.0; 4.2.8; 5 LTS; 2023.12
2. Who is the framework named after? Django Freeman, protagonist of the Quentin Tarantino movie Django Unchained; The Djanju, or Django, Aboriginal Australian people; Django Reinhardt, jazz guitarist; Django Tango, inspiration for Tango soda
3. Which transport protocol does HTTP/3 use? QUIC; QWIKER; TCP/IP; Cloudflare Pro
4. What is the outer HTML element for a collapsible section? <collapse>; <summary>; <details>; <revelation>
5. What is the name of the new database-computed field class? VirtualColumn; DBComputedField; GeneratedField; JustComputeItField
6. How many years since Django’s first “Preparing for launch” blog post? 7; 16; 18; Innumerable
7. What is the management command to create migrations files? createmigrations; gen_migrations; makemigrations; make-database-up-to-date --please
8. Which name did PostgreSQL have before 1996? Postgres; GreSQL … -
Tailwind CSS on Python and Heroku - Building SaaS
Tailwind CSS is a fantastic tool for making CSS easy to use on your webapps. On the video, I added Tailwind CSS to my Django app and showed how to use it and deploy it to Heroku (which required some extra configuration for JavaScript support). -
Django: Defer a model field by default
Some models have one or a few large fields that dominate their per-instance size. For example, take a minimal blog post model:
from django.db import models

class Post(models.Model):
    blog = models.ForeignKey("Blog", on_delete=models.CASCADE)
    title = models.TextField()
    body = models.TextField()
body is typically many times larger than the rest of the Post. It can be a good optimization to defer() such fields when not required:
def index(request):
    posts = Post.objects.defer("body")
    ...
Deferred fields are not fetched in the main query, but will be lazily loaded upon access. Deferring large fields can noticeably reduce data transfer, and thus query time, memory usage, and total page load time. When most usage of a model does not require the field, you might want to defer a field by default. Then you don’t need to sprinkle .defer(...) calls everywhere, and can instead use .defer(None) in the few sites where the field is used.
Defer by default with a custom base manager
To defer fields by default, follow these steps:
1. Create a manager class that makes the appropriate defer() call in its get_queryset() method.
2. Attach the manager to the model, ideally as objects.
3. Make the manager the Model’s base manager by naming it in Meta.base_manager_name. (This manager … -
Database generated columns⁽³⁾: GeoDjango & PostGIS
An introduction to database generated columns, using PostGIS, GeoDjango and the new GeneratedField added in Django 5.0. -
WhiteNoise For Static Files - Building SaaS
This video is all about adding the popular WhiteNoise package into my Django app to serve static files (e.g., CSS, JavaScript, and images) directly from the app. I walk through the process from start to finish and deploy it live to show how things work. -
Django News - Django 5.0 Released! - Dec 8th 2023
News
Django 5.0 released
The Django team is happy to announce the release of Django 5.0. The release notes cover a deluge of exciting new features in detail. djangoproject.com
Django bugfix release: 4.2.8
Django 4.2.8 fixes several bugs in 4.2.7 and adds compatibility with Python 3.12. djangoproject.com
Updates to Django
Last week we had 23 pull requests merged into Django by 12 different contributors - including 5 first time contributors! Congratulations to Peter Thomassen, Mark Walker, KimSia Sim, Nathaniel Conroy, and Adrien for having their first commits merged into Django - welcome on board! The main update is 🥁🥁🥁 Django 5.0 is out!!! Huge congratulations to everyone who made this happen and special thank you to the Django Fellows (we couldn't do this without them).
Help needed 📢 Are you a selenium expert? Introduce yourself in #contributor-discussions, we have lots of things we'd love to discuss with you! Our Croatian translation coordinator is stepping down, can you step up? Django Newsletter
Wagtail CMS
Wagtail 5.2.2 release notes
Wagtail 5.2.2 adds support for Django 5.0 and includes a half dozen bug fixes. wagtail.org
Sponsored Ad
Sick of performance issues? Enter Scout's APM tool for Python apps. Easily pinpoint and fix slowdowns … -
Operations, WhiteNoise, and Tailwind - Building SaaS #177
In this episode, I worked through a couple of issues discovered after having the site be operational for real use. From there, we moved onto some fundamental technology and integrated WhiteNoise to handle static files for the application. After adding WhiteNoise, we hooked up Tailwind CSS. -
Django: Fix version 5.0’s URLField.assume_scheme warnings
Since Django’s inception, the web has gradually moved from HTTP to HTTPS, a welcome move for security. But the history has meant older parts of Django have had a lingering HTTP bias. Many of these have been migrated to default to HTTPS instead in previous versions. Django 5.0 starts the migration of another HTTP bias in forms.URLField. The old behaviour: when URLField is provided a URL without a scheme, it assumes it to be “http”:
In [1]: from django import forms
In [2]: forms.URLField().to_python('example.com')
Out[2]: 'http://example.com'
Django 5.0 has started a deprecation process to change this default to “https” (Ticket #34380). This version shows a PendingDeprecationWarning when instantiating a URLField:
In [1]: from django import forms
In [2]: forms.URLField().to_python('example.com')
<ipython-...>:1: RemovedInDjango60Warning: The default scheme will be changed from 'http' to 'https' in Django 6.0. Pass the forms.URLField.assume_scheme argument to silence this warning.
  forms.URLField().to_python('example.com')
Out[2]: 'http://example.com'
Here’s that warning message in a more readable format:
RemovedInDjango60Warning: The default scheme will be changed from 'http' to 'https' in Django 6.0. Pass the forms.URLField.assume_scheme argument to silence this warning.
Django 5.1 will turn that into a DeprecationWarning and Django 6.0 will change the default and remove the warning. Here’s the related release note: … -
Kolo for Django - Lily Foote
Show notes links: Kolo for Django; Lily on GitHub; Add Field.db_default for defining database defaults (ticket and 5.0 release notes); Add the ability to use database-level CHECK CONSTRAINTS; Kivy; Support the Show; LearnDjango.com; Button; Django News newsletter -
How to Increase Swap File Size on a Linux Server
Note: This tip should work on most Linux-based servers, such as Ubuntu, Debian, OpenSUSE, Fedora, and CoreOS. A swap space is very handy when our server is running at the limits of its memory. Often, especially on VPS, the swap space file size is very small. You can check the … -
Mercurial Mirror For Django 5.0 Branch
The mirror is up and running since the first beta or so, but I forgot to mention it on the blog. Now that 5.0 is officially released, it seems a perfect timing to fix that. For the record, those mirrors are read-only, and aimed at production (aka “I want an easy way to update Django […] -
Making Decisions: First decide how to decide: “one weird trick” for easier decisions
This is my preferred decision-making process – a version of the “document-discuss-decide” process that I called for at the end of the part 1 in this series. The most important part of this process – its “one weird trick”, if you will – is the way it includes a “how shall we decide?” step. This separates out the meta-question of the decision-making process from the decision itself, which (I’ve found) makes decisions much easier. -
Saturday stream explorer
I was looking for a new thing to do to improve my stream. This is mostly me goofing off. -
Django News - 2024 DSF Board Election Results - Dec 1st 2023
News
2024 DSF Board Election Results
The 2024 Django Software Foundation (DSF) Board Election has concluded, electing Jacob Kaplan-Moss, Sarah Abderemane, and Thibaud Colas to two-year terms. Congratulations to the new members and a heartfelt thank you both to departing board members and all nominees. djangoproject.com
Updates to Django
Last week we had 22 pull requests merged into Django by 12 different contributors - including 3 first time contributors! Congratulations to Prashant Pandey, Standa Opichal, and trontelj for having their first commits merged into Django - welcome on board!
Some key updates from last week: From 5.1, RequestFactory/AsyncRequestFactory/Client/AsyncClient/Client now supports a query_params parameter, which accepts a dictionary of query string keys and values. This allows setting query strings on any HTTP methods more easily. Django has started to test against Python 3.13 alpha. Python 3.13 is scheduled to release October 2024, if all goes well we can expect Django to support Python 3.13 from 5.1. 5 release blockers were resolved last week, and a few more this week! Thank you so much to everyone who has been testing 5.0 💚 Django Newsletter
Wagtail CMS
StreamField Quick Demo
Not sure what StreamField is and why it's amazing? We have a demo … -
Switch an Existing Python Project To Ruff
On a recent Building SaaS stream, we switched from using flake8, Black, isort, and bandit completely over to a single tool, Ruff. Watch an experienced Pythonista work through many of the options and do a full conversion to this powerful tool. -
Making Decisions: RFC processes are a poor fit for most organizations
The RFC process has been a huge success in defining the standards that run the Internet, but naively adopting this process for your company is a mistake. RFC processes tend to fail at most organizations because they lack a clear decision-making step. -
Weeknotes (2023 week 48)
A few weeks have passed since the last update. The whole family was repeatedly sick with different viruses etc… I hope that the worst is over now. Who knows.
12-factor Django storage configuration
I should maybe write a longer and separate post about this, but speckenv has gained support for the Django STORAGES setting. No documentation yet, but it supports two storage backends for now, the file system storage and django-s3-storage, my go-to library for S3-compatible services. Using it looks something like this:
from speckenv import env
from speckenv_django import django_storage_url

STORAGES = {
    "default": django_storage_url(
        env(
            "STORAGE_URL",
            default="file:./media/?base_url=/media/",
            warn=True,
        ),
        base_dir=BASE_DIR,
    ),
    "staticfiles": {
        "BACKEND": "django.contrib.staticfiles.storage.ManifestStaticFilesStorage",
    },
}
Then, if you want to use S3 you can put something like this in your .env file:
STORAGE_URL=s3://access-key:secret@bucket.name.s3.eu-central-1.amazonaws.com/media/
Or maybe something like this, if you want to serve media files without authentication:
STORAGE_URL=s3://access-key:secret@bucket.name.s3.eu-central-1.amazonaws.com/media/?aws_s3_public_auth=False&aws_s3_max_age_seconds=31536000
Releases
speckenv 6.1.1: See above.
feincms3-meta 4.6: York has contributed support for emitting structured data records. Looks nice. No documentation yet.
django-tree-queries 0.16.1: .values() and .values_list() queries are now handled better and more consistently than before. -
Message Parsing and Ruff - Building SaaS #176
In this episode, we finished off the core portion of the application by parsing entries out of the messages sent back by SendGrid. We set up the Heroku Scheduler to start the daily flow of emails to get the system started. After completing that, I set up the project to use Ruff instead of the collection of tools used previously. -