(original) (raw)

We already have a slew of templating utilities (see Cheetah for example).
first of all -- i know there's a bunch of templating engines, but i think it should be a
built-in feature of the language. like boo does. and estr is stronger than simple
$name substitution, like Template does.

Be sure to stay aware of the security risks if the fill-in values are user specified.
that's one major benefit of having it as a builtin type -- you dont have security risks,
as the expression itself is embedded in your code, not something you get from the
outside:

name = raw\_input("what's you name?")
print e"hello {name}"

does not get the \*expression\* from the user, only the \*values\*, so unless the user
causes a buffer overflow with a huge string, he can't run code. the estr object is part
of \*your\* code, which you trust.

If you need this, then consider using a third-party templating module.
that 50-liner estr class i presented does just that.

Using the key twice is basic to templating (once of specify where to
make the substitution and once to specify its value).  This is no
different from using variable names in regular code:   a=1; ... ; b =
a+2  # variable-a is used twice.
but when it's defined once as an argument to a function, once in the template,
and once in the dict, that's three times, where it can be only two.

def f(name):
    print e"hello {name}"

Also, the example is misleading because real-apps are substitute
variables, not constants.  IOW, the above code fragment is sematically
equivalent to:  print "hello john".

what do you mean by that?

3) it is less
flexible than  the class constructor which can be subclassed and
extended as needed.
do you often subclass str? it's a built-in type, part of the language, subclassing it doesnt
make much sense. after all it's the language compiler that instanciates these types, i.e.,
when you do "hello", the compiler creates an instance of str() with that value, not you
directly, and that's the case here.


-tomer

On 4/20/06, Raymond Hettinger <rhettinger@ewtllc.com> wrote:

>
>If you don't like the $name style of template markup and prefer
>delimiters instead, then check-out the recipe at:
>
>     http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/3053
>
>
The link should have been:

   http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/305306