Hints on programming on HelpIM3.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Unicode / utf8
To keep decoding and encoding uniform, adhere to the following rules:
- All encodings on the web and webserver are set to UTF-8.
- When receiving data, one of the first processing steps must be decoding the
  strings from UTF-8 to Python unicode objects.
- All internal processing must be able to handle both plain ASCII strings
  and unicode objects.
- The last step of the handler is encoding the returned Python unicode to UTF-8.

* Escaping output
Escaping is the responsibility of the templates: they know what language or
kind of text they emit and how that should be escaped. Do use the escaping
functions of the TemplateBase class; then we are sure all escaping has the
same bugs.

* De-escaping input
ToDo: this is not necessary yet. Probably the page-script is the most logical
place. In that case the PageBase class is the most logical place to include
functions for that.

* Dynamic loading and paths
To ensure no modules are dynamically loaded that aren't meant to be loaded,
adhere to the following rules:
- use the HelpIM.dynamicLoad.load function for it
- hardcode the paths (e.g. 'HelpIM.web.pages') where the modules are loaded from
- make separate directories for the modules that might be loaded. Place no
  other modules or subdirectories in that directory.

* Preventing SQL injections
Use SQLAlchemy; it prevents SQL injections for you. If you need to use
sqlalchemy.sql.text, always use the colon keywords (bind parameters such as
:name) for variables in your queries.

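The difference between pasting a value into the query string and binding it with a colon keyword, as an added example that is not HelpIM code. It uses the standard-library sqlite3 module, which accepts the same :name placeholder syntax as sqlalchemy.sql.text, so it runs without SQLAlchemy installed; the staff table and its rows are constructed for the example.

```python
import sqlite3


def make_db():
    # Constructed in-memory database standing in for the HelpIM schema.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE staff (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO staff VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "volunteer")])
    return conn


def find_by_name_unsafe(conn, name):
    # Vulnerable: the value is interpolated into the SQL text, so quote
    # characters inside `name` become part of the query structure.
    query = "SELECT name, role FROM staff WHERE name = '%s'" % name
    return conn.execute(query).fetchall()


def find_by_name(conn, name):
    # Safe: `:name` is a bind parameter. The value travels separately from
    # the SQL text and can only ever be compared as data.
    query = "SELECT name, role FROM staff WHERE name = :name"
    return conn.execute(query, {"name": name}).fetchall()


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"
    print(find_by_name_unsafe(db, probe))  # every row leaks
    print(find_by_name(db, probe))         # no row matches that literal name
```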
* Input validation
Yes, do so! It is ok to do it implicitly: do operations on the input that raise an
exception if the input is different from what is expected.

* Preferred programming style:
First of all read PEP 8: http://www.python.org/dev/peps/pep-0008/ ; it is
very useful for keeping HelpIM readable.
In HelpIM the following variable naming conventions are used:
- use long, descriptive variable names, except for variables that are used
  locally and only during a few lines of code. Use a single uppercase
  character for those, preferably the first character of the type of variable
  they are.
- use mixedCase, except for class names, which use CapitalizedWords.
Examples:

    templateConfigs = configFunction()

    class PageBase:

    S = "this is a string to be used locally and for a short period"
