DOCSLIB.ORG

Werkzeug Documentation Release 0.11.11-Dev November 30, 2016

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Werkzeug Documentation Release 0.11.11-Dev November 30, 2016 Werkzeug Documentation Release 0.11.11-dev November 30, 2016 Contents I Getting Started1 1 Installation3 1.1 Installing a released version..........................3 1.2 Installing the development version.....................4 1.3 virtualenv....................................4 2 Transition to Werkzeug 1.07 2.1 Automatically Rewriting Imports......................7 2.2 Stop Using Deprecated Things........................8 3 Werkzeug Tutorial9 3.1 Introducing Shortly..............................9 3.2 Step 0: A Basic WSGI Introduction...................... 10 3.3 Step 1: Creating the Folders.......................... 11 3.4 Step 2: The Base Structure........................... 11 3.5 Intermezzo: Running the Application.................... 13 3.6 Step 3: The Environment........................... 13 3.7 Step 4: The Routing.............................. 13 3.8 Step 5: The First View............................. 14 3.9 Step 6: Redirect View............................. 16 3.10 Step 7: Detail View............................... 16 3.11 Step 8: Templates................................ 16 3.12 Step 9: The Style................................ 17 3.13 Bonus: Refinements.............................. 18 4 API Levels 19 4.1 Example..................................... 19 4.2 High or Low?.................................. 20 5 Quickstart 21 5.1 WSGI Environment.............................. 21 i 5.2 Enter Request.................................. 22 5.3 Header Parsing................................. 23 5.4 Responses.................................... 25 6 Python 3 Notes 29 6.1 WSGI Environment.............................. 29 6.2 URLs....................................... 30 6.3 Request Cleanup................................ 30 II Serving and Testing 31 7 Serving WSGI Applications 33 7.1 Reloader..................................... 35 7.2 Virtual Hosts.................................. 36 7.3 Shutting Down The Server.......................... 36 7.4 Troubleshooting................................ 37 7.5 SSL........................................ 37 8 Test Utilities 39 8.1 Diving In.................................... 39 8.2 Environment Building............................. 40 8.3 Testing API................................... 41 9 Debugging Applications 47 9.1 Enabling the Debugger............................ 47 9.2 Using the Debugger.............................. 48 9.3 Debugger PIN................................. 49 9.4 Pasting Errors.................................. 50 III Reference 51 10 Request / Response Objects 53 10.1 How they Work................................. 53 10.2 Mutability and Reusability of Wrappers................... 54 10.3 Base Wrappers................................. 54 10.4 Mixin Classes.................................. 67 11 URL Routing 75 11.1 Quickstart.................................... 75 11.2 Rule Format................................... 76 11.3 Builtin Converters............................... 76 11.4 Maps, Rules and Adapters.......................... 78 11.5 Rule Factories.................................. 87 11.6 Rule Templates................................. 88 11.7 Custom Converters............................... 88 11.8 Host Matching................................. 89 ii 12 WSGI Helpers 91 12.1 Iterator / Stream Helpers........................... 91 12.2 Environ Helpers................................ 94 12.3 Convenience Helpers............................. 99 13 Filesystem Utilities 101 14 HTTP Utilities 103 14.1 Date Functions................................. 103 14.2 Header Parsing................................. 104 14.3 Header Utilities................................. 107 14.4 Cookies..................................... 109 14.5 Conditional Response Helpers........................ 110 14.6 Constants.................................... 111 14.7 Form Data Parsing............................... 111 15 Data Structures 115 15.1 General Purpose................................ 115 15.2 HTTP Related.................................. 122 15.3 Others...................................... 133 16 Utilities 135 16.1 HTML Helpers................................. 135 16.2 General Helpers................................ 136 16.3 URL Helpers.................................. 141 16.4 UserAgent Parsing............................... 141 16.5 Security Helpers................................ 142 17 URL Helpers 145 18 Context Locals 155 19 Middlewares 161 20 HTTP Exceptions 163 20.1 Usage Example................................. 163 20.2 Error Classes.................................. 164 20.3 Baseclass..................................... 167 20.4 Special HTTP Exceptions........................... 168 20.5 Simple Aborting................................ 168 20.6 Custom Errors................................. 169 IV Deployment 171 21 Application Deployment 173 21.1 CGI........................................ 173 21.2 mod_wsgi (Apache)............................... 174 21.3 FastCGI..................................... 175 21.4 HTTP Proxying................................. 178 iii V Contributed Modules 179 22 Contributed Modules 181 22.1 Atom Syndication............................... 181 22.2 Sessions..................................... 184 22.3 Secure Cookie.................................. 187 22.4 Cache...................................... 191 22.5 Extra Wrappers................................. 197 22.6 Iter IO...................................... 199 22.7 Fixers...................................... 201 22.8 WSGI Application Profiler.......................... 203 22.9 Lint Validation Middleware.......................... 204 VI Additional Information 205 23 Important Terms 207 23.1 WSGI....................................... 207 23.2 Response Object................................ 207 23.3 View Function................................. 207 24 Unicode 209 24.1 Unicode in Python............................... 209 24.2 Unicode in HTTP................................ 210 24.3 Error Handling................................. 210 24.4 Request and Response Objects........................ 211 24.5 The Filesystem................................. 211 25 Dealing with Request Data 213 25.1 Missing EOF Marker on Input Stream.................... 213 25.2 When does Werkzeug Parse?......................... 213 25.3 How does it Parse?............................... 214 25.4 Limiting Request Data............................. 214 25.5 How to extend Parsing?............................ 214 26 Werkzeug Changelog 217 26.1 Werkzeug Changelog............................. 217 26.2 API Changes.................................. 242 iv Part I GETTING STARTED If you are new to Werkzeug or WSGI development in general you should start here. 1 2 CHAPTER 1 Installation Werkzeug requires at least Python 2.6 to work correctly. If you do need to support an older version you can download an older version of Werkzeug though we strongly recommend against that. Werkzeug currently has experimental support for Python 3. For more information about the Python 3 support see Python 3 Notes. 1.1 Installing a released version 1.1.1 As a Python egg (via easy_install or pip) You can install the most recent Werkzeug version using easy_install: easy_install Werkzeug Alternatively you can also use pip: pip install Werkzeug Either way we strongly recommend using these tools in combination with virtualenv. This will install a Werkzeug egg in your Python installation’s site-packages directory. 1.1.2 From the tarball release 1. Download the most recent tarball from the download page. 2. Unpack the tarball. 3. python setup.py install Note that the last command will automatically download and install setuptools if you don’t already have it installed. This requires a working Internet connection. This will install Werkzeug into your Python installation’s site-packages directory. 3 1.2 Installing the development version 1. Install Git 2. git clone git://github.com/mitsuhiko/werkzeug.git 3. cd werkzeug 4. pip install --editable . 1.3 virtualenv Virtualenv is probably what you want to use during development, and in production too if you have shell access there. What problem does virtualenv solve? If you like Python as I do, chances are you want to use it for other projects besides Werkzeug-based web applications. But the more projects you have, the more likely it is that you will be working with different versions of Python itself, or at least different versions of Python libraries. Let’s face it; quite often libraries break backwards compatibility, and it’s unlikely that any serious application will have zero dependencies. So what do you do if two or more of your projects have conflicting dependencies? Virtualenv to the rescue! It basically enables multiple side-by-side installations of Python, one for each project. It doesn’t actually install separate copies of Python, but it does provide a clever way to keep different project environments isolated. So let’s see how virtualenv works! If you are on Mac OS X or Linux, chances are that one of the following two commands will work for you: $ sudo easy_install virtualenv or even better: $ sudo pip install virtualenv One of these will probably install virtualenv on your system. Maybe it’s even in your package manager. If you use Ubuntu, try: $ sudo apt-get install python-virtualenv If you are on Windows and don’t have the easy_install command, you must install it first. Once you have it installed, run the same commands as above, but without the sudo prefix. Once you have virtualenv installed, just fire up a
Load more

Recommended publications
  • About:Config .Init About:Me About:Presentation Web 2.0 User
    about:config .init about:me about:presentation Web 2.0 User View Technical View Simple Overview Picture Complex Overview Picture Main Problems Statistics I Statistics II .next Targets Of Attack Targets Methods Kinds Of Session Hijacking SQL Injection Introduction Examples SQL Injection Picture Analysis SQL Escaping SQL Escaping #2 SQL Parameter Binding XSS Introduction What Can It Do? Main Problem Types Of XSS Components Involved In XSS Reflected XSS Picture Reflected XSS Analysis (Server Side) Stored XSS Picture Server Side Stored XSS (Local) DOM XSS Example Picture local DOM XSS CSRF Introduction Example Picture CSRF Session Riding Analysis Complex Example Hijack Via DNS + XSS Picture DNS+XSS Combo Cookie Policy Analysis Variant Components .next Misplaced Trust 3rd Party Script Picture Trust 3rd Party Script Analysis Misplaced Trust In Middleware Misplaced Trust In Server­Local Data Picture Local Scripts Analysis Same Origin Policy Frame Policy UI Redressing Introduction Clickjacking Picture Clickjacking Analysis BREAK .next Summary of Defense Strategies "Best Effort" vs. "Best Security" Protection against Hijacking Session Theft Riding, Fixation, Prediction Separate by Trust Validation Why Input Validation at Server Check Origin and Target of Request Validation of Form Fields Validation of File Upload Validation Before Forwarding Validation of Server Output Validation of Target in Client Validation of Origin in Client Validation of Input in Client Normalization What's That? Normalizing HTML Normalizing XHTML Normalizing Image, Audio,
    [Show full text]
  • Database Globalization Support Guide
    Oracle® Database Database Globalization Support Guide 19c E96349-05 May 2021 Oracle Database Database Globalization Support Guide, 19c E96349-05 Copyright © 2007, 2021, Oracle and/or its affiliates. Primary Author: Rajesh Bhatiya Contributors: Dan Chiba, Winson Chu, Claire Ho, Gary Hua, Simon Law, Geoff Lee, Peter Linsley, Qianrong Ma, Keni Matsuda, Meghna Mehta, Valarie Moore, Cathy Shea, Shige Takeda, Linus Tanaka, Makoto Tozawa, Barry Trute, Ying Wu, Peter Wallack, Chao Wang, Huaqing Wang, Sergiusz Wolicki, Simon Wong, Michael Yau, Jianping Yang, Qin Yu, Tim Yu, Weiran Zhang, Yan Zhu This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S.
    [Show full text]
  • Plain Text & Character Encoding
    Journal of eScience Librarianship Volume 10 Issue 3 Data Curation in Practice Article 12 2021-08-11 Plain Text & Character Encoding: A Primer for Data Curators Seth Erickson Pennsylvania State University Let us know how access to this document benefits ou.y Follow this and additional works at: https://escholarship.umassmed.edu/jeslib Part of the Scholarly Communication Commons, and the Scholarly Publishing Commons Repository Citation Erickson S. Plain Text & Character Encoding: A Primer for Data Curators. Journal of eScience Librarianship 2021;10(3): e1211. https://doi.org/10.7191/jeslib.2021.1211. Retrieved from https://escholarship.umassmed.edu/jeslib/vol10/iss3/12 Creative Commons License This work is licensed under a Creative Commons Attribution 4.0 License. This material is brought to you by eScholarship@UMMS. It has been accepted for inclusion in Journal of eScience Librarianship by an authorized administrator of eScholarship@UMMS. For more information, please contact [email protected]. ISSN 2161-3974 JeSLIB 2021; 10(3): e1211 https://doi.org/10.7191/jeslib.2021.1211 Full-Length Paper Plain Text & Character Encoding: A Primer for Data Curators Seth Erickson The Pennsylvania State University, University Park, PA, USA Abstract Plain text data consists of a sequence of encoded characters or “code points” from a given standard such as the Unicode Standard. Some of the most common file formats for digital data used in eScience (CSV, XML, and JSON, for example) are built atop plain text standards. Plain text representations of digital data are often preferred because plain text formats are relatively stable, and they facilitate reuse and interoperability.
    [Show full text]
  • DICOM PS3.5 2021C
    PS3.5​ DICOM PS3.5 2021d - Data Structures and Encoding​ Page 2​ PS3.5: DICOM PS3.5 2021d - Data Structures and Encoding​ Copyright © 2021 NEMA​ A DICOM® publication​ - Standard -​ DICOM PS3.5 2021d - Data Structures and Encoding​ Page 3​ Table of Contents​ Notice and Disclaimer ........................................................................................................................................... 13​ Foreword ............................................................................................................................................................ 15​ 1. Scope and Field of Application ............................................................................................................................. 17​ 2. Normative References ....................................................................................................................................... 19​ 3. Definitions ....................................................................................................................................................... 23​ 4. Symbols and Abbreviations ................................................................................................................................. 27​ 5. Conventions ..................................................................................................................................................... 29​ 6. Value Encoding ...............................................................................................................................................
    [Show full text]
  • Fun with Unicode - an Overview About Unicode Dangers
    Fun with Unicode - an overview about Unicode dangers by Thomas Skora Overview ● Short Introduction to Unicode/UTF-8 ● Fooling charset detection ● Ambigiuous Encoding ● Ambigiuous Characters ● Normalization overflows your buffer ● Casing breaks your XSS filter ● Unicode in domain names – how to short payloads ● Text Direction Unicode/UTF-8 ● Unicode = Character set ● Encodings: – UTF-8: Common standard in web, … – UTF-16: Often used as internal representation – UTF-7: if the 8th bit is not safe – UTF-32: yes, it exists... UTF-8 ● Often used in Internet communication, e.g. the web. ● Efficient: minimum length 1 byte ● Variable length, up to 7 bytes (theoretical). ● Downwards-compatible: First 127 chars use ASCII encoding ● 1 Byte: 0xxxxxxx ● 2 Bytes: 110xxxxx 10xxxxxx ● 3 Bytes: 1110xxxx 10xxxxxx 10xxxxxx ● ...got it? ;-) UTF-16 ● Often used for internal representation: Java, .NET, Windows, … ● Inefficient: minimum length per char is 2 bytes. ● Byte Order? Byte Order Mark! → U+FEFF – BOM at HTML beginning overrides character set definition in IE. ● Y\x00o\x00u\x00 \x00k\x00n\x00o\x00w\x00 \x00t\x00h\x00i\x00s\x00?\x00 UTF-7 ● Unicode chars in not 8 bit-safe environments. Used in SMTP, NNTP, … ● Personal opinion: browser support was an inside job of the security industry. ● Why? Because: <script>alert(1)</script> == +Adw-script+AD4-alert(1)+ADw-/script+AD4- ● Fortunately (for the defender) support is dropped by browser vendors. Byte Order Mark ● U+FEFF ● Appears as:  ● W3C says: BOM has priority over declaration – IE 10+11 just dropped this insecure behavior, we should expect that it comes back. – http://www.w3.org/International/tests/html-css/character- encoding/results-basics#precedence – http://www.w3.org/International/questions/qa-byte-order -mark.en#bomhow ● If you control the first character of a HTML document, then you also control its character set.
    [Show full text]
  • Automatic Detection of Character Encoding and Language
    Automatic Detection of Character Encoding and Language Seungbeom Kim, Jongsoo Park {sbkim,jongsoo}@stanford.edu CS 229, Machine Learning Autumn 2007 Stanford University 1 Introduction their methods, we aimed at a simple algorithm which can be uniformly applied to every charset, and the algorithm The Internet is full of textual contents in various lan- is based on well-established, standard machine learning guages and character encodings, and their communica- techniques. We also studied the relationship between lan- tion across the linguistic borders is ever increasing. Since guage and charset detection, and compared byte-based al- the different encodings are not compatible with one an- gorithms and character-based algorithms. We used Na¨ıve other, communication protocols such as HTTP, HTML, Bayes (NB) and Support Vector Machine (SVM). and MIME are equipped with mechanisms to tag the char- Using the documents downloaded from Wikipedia [6], acter encoding (a.k.a. charset) used in the delivered con- we evaluated different combinations of algorithms and tent. However, as native speakers of a language whose compared them with the universal charset detector in character set does not fit in US-ASCII, we have encoun- Mozilla. We found two promising algorithms. The first tered a lot of web pages and e-mail messages that are one is a simple SVM whose feature is the frequency of encoded in or labeled with a wrong character encoding, byte values. The algorithm is uniform and very easy to which is often annoying or frustrating. Many authors, implement. It also only needs maximum 256 table entries especially of e-mail messages, are not aware of the en- per each charset and the detection time is much shorter coding issues, and their carelessness in choosing correct than other algorithms.
    [Show full text]
  • Web Internationalization
    Web Internationalization Abstract This is an introduction to internationalization on Web Internationalization the World Wide Web. The audience will learn about the standards that provide for global Standards and Practice interoperability and come away with an understanding of how to work with multilingual data on the Web. Character representation and the Unicode-based Reference Processing Model are described in detail. HTML, including HTML5, XHTML, XML (eXtensible Markup Language; for general markup), and CSS (Cascading Style Tex Texin, XenCraft Sheets; for styling information) are given Copyright © 2002-2018 Tex Texin particular emphasis. Internationalization and Unicode Conference IUC42 Web Internationalization Slide 2 Objectives Legend For This Presentation • Describe the standards that define the Icons used to indicate current product support: architecture & principles for I18N on the web • Scope limited to markup languages Google Internet Firefox Chrome Explorer • Provide practical advice for working with Supported: international data on the web, including the design and implementation of multilingual web Partially supported: sites and localization considerations Not supported: • Be introductory level – Condense 3 hours to 75-90 minutes. Caution This presentation and example code are available at: Highlights a note for users or developers to be careful. www.xencraft.com/training/webstandards.html Web Internationalization – Standards and Practice Slide 3 Web Internationalization Slide 4 How does the multilingual Web work? A Simple HTML Example Page • How does the server know – my language? – The encodings my browser supports? • Which Unicode normalization is best? • Are all Unicode characters useful on the Web? • Should I use character escapes or text? • Can CSS designs support multiple languages? Web Internationalization Slide 5 Web Internationalization Slide 6 Copyright © Tex Texin 2018.
    [Show full text]
  • Sphider-Plus Manual
    Sphider-plus manual Content 1. Introduction......................................................................................................................6 2. Version and legal info......................................................................................................6 3. Installation of version 3.0 – 3.2020d..............................................................................7 3.1 Preconditions...................................................................................................................................... 7 3.2 New installation................................................................................................................................... 7 3.3 Updating from version 1 and 2..........................................................................................................10 3.4 Updating from 3.x to 3.y....................................................................................................................10 4. Settings and customizing.............................................................................................12 5. Indexing..........................................................................................................................14 5.1 Various options................................................................................................................................. 14 5.2 Allow other hosts in same domain....................................................................................................15 5.3
    [Show full text]
  • Hitachi Ops Center V10.6.1 Open Source Software Packages
    Hitachi Ops Center V10.6.1 Open Source Software Packages Contact Information: Hitachi Ops Center Project Manager Hitachi Vantara LLC 2535 Augustine Drive Santa Clara, California 95054 Name of Product/Product Component Version License "Java Concurrency in Practice" book 1.0-redhat-4 Creative Commons Attribution annotations 2.5 Generic @agoric/babel-parser 7.10.5 The MIT License @agoric/babel-parser 7.12.11 The MIT License @angular-builders/custom-webpack 8.0.0-RC.0 The MIT License @angular-devkit/build-angular 0.800.0-rc.2 The MIT License @angular-devkit/build-angular 0.901.13 The MIT License @angular-devkit/core 7.3.8 The MIT License @angular-devkit/schematics 7.3.8 The MIT License @angular/animations 9.1.11 The MIT License @angular/animations 9.1.13 The MIT License @angular/cdk 9.2.4 The MIT License @angular/cdk-experimental 9.2.4 The MIT License @angular/cli 8.0.0 The MIT License @angular/cli 9.1.13 The MIT License @angular/common 9.1.11 The MIT License @angular/common 9.1.13 The MIT License @angular/compiler 9.1.11 The MIT License @angular/compiler 9.1.13 The MIT License @angular/compiler-cli 9.1.13 The MIT License @angular/core 7.2.15 The MIT License @angular/core 9.1.11 The MIT License @angular/core 9.1.13 The MIT License @angular/forms 7.2.15 The MIT License @angular/forms 9.1.0-next.3 The MIT License @angular/forms 9.1.11 The MIT License @angular/forms 9.1.13 The MIT License @angular/language-service 9.1.13 The MIT License @angular/platform-browser 7.2.15 The MIT License @angular/platform-browser 9.1.11 The MIT License @angular/platform-browser
    [Show full text]
  • Geonetwork User Manual (PDF)
    GeoNetwork User Manual Release 2.10.4-0 GeoNetwork September 23, 2021 CONTENTS 1 Preface 3 1.1 About this Project............................................3 1.2 License Information...........................................3 1.3 Author Information............................................4 2 Quick Start Guide 5 2.1 Geographic Information Management for all..............................5 2.2 Getting Started..............................................8 2.3 Viewing and Analysing the Data..................................... 21 2.4 Adding a metadata record........................................ 28 2.5 Uploading a New Record using the XML Metadata Insert Tool..................... 46 2.6 Metadata in Spatial Data Management.................................. 50 2.7 New Features............................................... 51 2.8 Installing the software.......................................... 55 2.9 Upgrading to a new Version....................................... 64 3 Administration 65 3.1 System configuration........................................... 65 3.2 Authentication.............................................. 75 3.3 OGC CSW server configuration..................................... 81 3.4 Advanced configuration......................................... 86 3.5 User and Group Administration..................................... 101 3.6 Localization............................................... 107 3.7 System Monitoring............................................ 108 4 Managing Metadata 111 4.1 Templates................................................
    [Show full text]
  • Dataparksearch Engine 4.50: Reference Manual Copyright © 2003-2008 by OOO Datapark Copyright © 2001-2003 by Lavtech.Com Corp
    DataparkSearch Engine 4.50 Reference manual DataparkSearch Engine 4.50: Reference manual Copyright © 2003-2008 by OOO DataPark Copyright © 2001-2003 by Lavtech.com corp. This project is dedicated to Noémie. Table of Contents 1. Introduction............................................................................................................................................1 1.1. DataparkSearch Features.............................................................................................................1 1.2. Where to get DataparkSearch. ....................................................................................................2 1.3. Disclaimer ...................................................................................................................................2 1.4. Authors........................................................................................................................................2 1.4.1. Contributors....................................................................................................................3 2. Installation..............................................................................................................................................4 2.1. SQL database requirements ........................................................................................................4 2.2. Supported operating systems ......................................................................................................4 2.3. Tools required for installation
    [Show full text]
  • Naming Text Encodings to Demystify Them
    Naming Text Encodings to Demystify Them Document #: P1885R6 Date: 2021-08-14 Programming Language C++ Audience: LEWG Reply-to: Corentin Jabot <[email protected]> Peter Brett <[email protected]> If you can’t name it, you probably don’t know what it is If you don’t know what it is, you don’t know what it isn’t Tony Van Eerd Target C++23 Abstract For historical reasons, all text encodings mentioned in the standard are derived from a locale object, which does not necessarily match the reality of how programs and systems interact. This model works poorly with modern understanding of text, ie the Unicode model separates encoding from locales which are purely rules for formatting and text transformations but do not affect which characters are represented by a sequence of code units. Moreover, the standard does not provide a way to query which encodings are expected or used by the environment, leading to guesswork and unavoidable UB. This paper introduces the notions of literal encoding, environment encoding, and a way to query them. Examples Listing the encoding #include <text_encoding> #include <iostream> void print(const std::text_encoding & c) { std::cout << c.name() << " (iana mib: " << c.mib() << ")\n" << "Aliases:\n"; 1 for(auto && a : c.aliases()) { std::cout << '\t' << a << '\n'; } } int main() { std::cout << "Literal Encoding: "; print(std::text_encoding::literal()); std::cout << "Wide Literal Encoding: "; print(std::text_encoding::wide_literal()); std::cout << "environment Encoding: "; print(std::text_encoding::environment());
    [Show full text]