一. CBV
1.views.py
from django.shortcuts import render, HttpResponse

# ---- CBV (class-based view) section ----
from django.views import View


class Login(View):
    """Minimal class-based login view built on django.views.View.

    The request's HTTP verb picks the handler: ``get`` renders the form and
    ``post`` reads the submitted field.  Usual verb meanings in a RESTful
    layout: get = read, post = create, put = update, delete = delete.
    """

    def dispatch(self, request, *args, **kwargs):
        """Wrap View.dispatch so one line is printed before and one after the handler."""
        print('before')
        response = super(Login, self).dispatch(request, *args, **kwargs)
        print('after')
        return response

    def get(self, request):
        """Render the login form template."""
        return render(request, 'login.html')

    def post(self, request):
        """Print the submitted ``user`` field and answer with a fixed body.

        NOTE(review): the submitted value is printed unmodified; a real view
        should not write form credentials to stdout/logs.  No csrf_exempt is
        applied here, so with CsrfViewMiddleware enabled the POST is only
        accepted when the form carries a CSRF token - confirm login.html
        includes the csrf_token tag.
        """
        print(request.POST.get('user'))
        return HttpResponse('Login.post')
2.login.html
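<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>CBV</title>
</head>
<body>
<!-- Posts the "user" field to the Login view's post() handler. -->
<form method="POST" action="/login.html">
    <!-- Required by Django's CsrfViewMiddleware: a POST without this hidden
         token is rejected with 403 unless the view is exempted. -->
    {% csrf_token %}
    <input type="text" name="user"/>
    <input type="submit" value="提交"/>
</form>
</body>
</html>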
PS:
form 表单提交: GET, POST *** Ajax 提交数据: GET, POST（['get' 获取, 'post' 创建, 'put' 更新, 'patch' 局部更新, 'delete' 删除, 'head', 'options', 'trace'] -> RESTful 规范）
功能:
a.基本使用
b.基于dispatch和继承实现用户登录代码
c.装饰器
from django.utils.decorators import method_decorator


# 1. ---- decorator placed on the get/post handler methods ----
class LoginView(View):
    """Login view where ``test`` (a view decorator defined elsewhere) wraps ``post`` only."""

    def dispatch(self, request, *args, **kwargs):
        return super(LoginView, self).dispatch(request, *args, **kwargs)

    def get(self, request):
        return render(request, 'login.html')

    @method_decorator(test)
    def post(self, request):
        # Inputs available here: request.GET, request.POST, the Content-Type
        # request header and the raw request.body.
        user = request.POST.get('user')
        pwd = request.POST.get('pwd')
        if user != 'tom' or pwd != "123":
            return render(request, 'login.html')
        # Author's note on the session write: Django generates a random session
        # id, hands it to the browser as the session cookie and keeps
        # {"<random id>": {'user_info': 'tom'}} on the server side.
        # NOTE(review): the literal username/password are a demo stand-in;
        # real code compares against a stored password hash.
        request.session['user_info'] = "tom"
        return redirect('/index.html')


# 2. ---- decorator placed on dispatch (applies to every verb) ----
class LoginView(View):
    """Login view where ``test`` wraps dispatch, so it runs for get and post alike."""

    @method_decorator(test)
    def dispatch(self, request, *args, **kwargs):
        return super(LoginView, self).dispatch(request, *args, **kwargs)

    def get(self, request):
        return render(request, 'login.html')

    def post(self, request):
        # Inputs available here: request.GET, request.POST, the Content-Type
        # request header and the raw request.body.
        user = request.POST.get('user')
        pwd = request.POST.get('pwd')
        if user != 'tom' or pwd != "123":
            return render(request, 'login.html')
        # Author's note on the session write: Django generates a random session
        # id, hands it to the browser as the session cookie and keeps
        # {"<random id>": {'user_info': 'tom'}} on the server side.
        # NOTE(review): the literal username/password are a demo stand-in;
        # real code compares against a stored password hash.
        request.session['user_info'] = "tom"
        return redirect('/index.html')


# 3. ---- decorator placed on the class, naming the method to wrap ----
@method_decorator(test, name='get')
class LoginView(View):
    """Login view where ``test`` is attached to ``get`` via the class decorator form."""

    def dispatch(self, request, *args, **kwargs):
        return super(LoginView, self).dispatch(request, *args, **kwargs)

    def get(self, request):
        return render(request, 'login.html')

    def post(self, request):
        # Inputs available here: request.GET, request.POST, the Content-Type
        # request header and the raw request.body.
        user = request.POST.get('user')
        pwd = request.POST.get('pwd')
        if user != 'tom' or pwd != "123":
            return render(request, 'login.html')
        # Author's note on the session write: Django generates a random session
        # id, hands it to the browser as the session cookie and keeps
        # {"<random id>": {'user_info': 'tom'}} on the server side.
        # NOTE(review): the literal username/password are a demo stand-in;
        # real code compares against a stored password hash.
        request.session['user_info'] = "tom"
        return redirect('/index.html')


# 4. ---- special case: the CSRF decorators can only be placed on dispatch ----
from django.views.decorators.csrf import csrf_exempt, csrf_protect


class LoginView(View):
    """Login view with the CSRF check switched off for every verb it handles.

    csrf_exempt on dispatch tells CsrfViewMiddleware to skip this view, so a
    form on any other site can POST to it unchecked.  Prefer leaving the check
    on and adding the csrf_token tag to login.html; csrf_protect is the
    opposite decorator and forces the check even when the middleware is off.
    """

    @method_decorator(csrf_exempt)
    def dispatch(self, request, *args, **kwargs):
        return super(LoginView, self).dispatch(request, *args, **kwargs)

    def get(self, request):
        return render(request, 'login.html')

    def post(self, request):
        # Inputs available here: request.GET, request.POST, the Content-Type
        # request header and the raw request.body.
        user = request.POST.get('user')
        pwd = request.POST.get('pwd')
        if user != 'tom' or pwd != "123":
            return render(request, 'login.html')
        # Author's note on the session write: Django generates a random session
        # id, hands it to the browser as the session cookie and keeps
        # {"<random id>": {'user_info': 'tom'}} on the server side.
        # NOTE(review): the literal username/password are a demo stand-in;
        # real code compares against a stored password hash.
        request.session['user_info'] = "tom"
        return redirect('/index.html')
II.xss攻击
- 慎用 safe和mark_safe
- 非要用,一定要过滤关键字
1. urls.py
from app01 import views

# URL routing table.  url() takes a regex; r'^index/' is anchored at the start
# only (no trailing "$"), so any path that begins with "index/" matches.
# NOTE(review): django.conf.urls.url() was removed in Django 4.0 in favour of
# re_path() - confirm the Django version this runs on.
urlpatterns = [
    # admin site left disabled in this example
    # url(r'^admin/', admin.site.urls),
    url(r'^index/', views.index),        # lists the stored comments (rendered with "| safe" in index.html)
    url(r'^comment/', views.comment),    # accepts a new comment via POST
    url(r'^test/', views.test),          # mark_safe demo
]
2. views.py
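from django.shortcuts import render

# In-memory comment store shared by every request of this process (not persisted).
msg = []


# def comment(request):  # before: stored whatever was submitted, unfiltered
#     if request.method == 'GET':
#         return render(request,'comment.html')
#     else:
#         v = request.POST.get('content')
#         msg.append(v)
#         return render(request,'comment.html')


def comment(request):  # after: rejects submissions that contain "script"
    """Show the comment form on GET; on POST store the submitted ``content``.

    The value is appended to the module-level ``msg`` list and later rendered
    by index.html with ``| safe`` (autoescaping off), so this check is the only
    thing between the submitter and the page.  A substring blacklist is not a
    real XSS defence: keep autoescaping on (drop ``| safe``) or pass the value
    through a proper HTML sanitiser before rendering it.
    """
    if request.method == 'GET':
        return render(request, 'comment.html')
    # Default to '' so a POST without the field cannot raise TypeError on the
    # substring test; lower-case first so the check is not limited to
    # lower-case input.
    v = request.POST.get('content', '')
    if 'script' in v.lower():
        return render(request, 'comment.html', {'error': '小比崽子'})
    msg.append(v)
    return render(request, 'comment.html')


def index(request):
    """Render every stored comment; index.html marks each item ``| safe``."""
    return render(request, 'index.html', {'msg': msg})


def test(request):
    """Demonstrate mark_safe on a constant HTML fragment.

    mark_safe is acceptable here only because ``temp`` is a literal written by
    the developer; applying it to request data would reintroduce XSS.
    """
    from django.utils.safestring import mark_safe
    temp = "<a href='http://www.baidu.com'>百度</a>"
    newtemp = mark_safe(temp)
    return render(request, 'test.html', {'temp': newtemp})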
3. HTML.py
{# 1. index.html #}
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<h1>评论</h1>
{% for item in msg %}
    {# "| safe" switches off Django's autoescaping for user-submitted text: this is the XSS sink the section is about. #}
    {# Render the item without the safe filter, or sanitise it before storing, to close it. #}
    <div>{{ item | safe}}</div>
{% endfor %}
</body>
</html>

{# 2. comment.html #}
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
{# Posts the "content" field to views.comment; "error" is set when the view rejects the submission. #}
{# NOTE(review): no csrf_token tag in this form - with CsrfViewMiddleware enabled the POST is rejected (403) unless the view is exempted; confirm. #}
<form method="post" action="/comment/">
    <input type="text" name="content"/>
    <input type="submit" value="提交"/>{{ error }}
</form>
</body>
</html>

{# 3. test.html #}
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
{# "temp" arrives already wrapped by mark_safe in views.test, so it is written out unescaped. #}
{{ temp }}
</body>
</html>