define form in yaml file

[Adrian Andreias]

Hello,

I need a way to define a django form through a yaml file (or another text format).
Is there some code that already does this?
I'm trying to not reinvent the wheel.

I can't use simple python classes, since this would user input and would be a security risk and I need a simpler and limited format.

Thanks

[Leonardo S]

Hi,

I'm new to Django and here.

yaml file is commonly used in Rails framework.

Django uses simple python file (settings.py).

What security risk? Have you got any example ?

2013/1/24 Adrian Andreias <adi.an...@gmail.com>

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/bSxNCc8waMUJ.
To post to this group, send email to django...@googlegroups.com.
To unsubscribe from this group, send email to django-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

[Tom Christie]

Also, you might want to take a look at the Django Forms in an API world talk.

A large portion of that is about serializing form definitions into JSON, for use by both HTML and non-HTML clients. (eg mobile)

The project it talks about is here: https://github.com/WiserTogether/django-remote-forms

I don't think it does anything wrt. to the direction you need, of taking a serialized description and restoring a Form class from it, but it might give you some useful pointers all the same.

Cheers,

  Tom

[Adrian Andreias]

vineri, 25 ianuarie 2013, 00:57:58 UTC+2, Chris Hinds a scris:

Hey,

I've got a project where models, forms and templates are all generated from a single yaml file. It works well here as the forms are long, with a fair amount of layout and plenty of formsets. 

I'm doing a refactor at the moment which should yield some reusable bits. I'd be very happy to share.

In general terms for model/form construction, I transform the original spec it to something that jsonpickle can deliver into type().

Can talk more if this sounds at all interesting.

Cheers

Chris.

[Adrian Andreias]

Hi,

Yes, this sounds interesting.

Push to github if your project allows this. :)

Thank you

vineri, 25 ianuarie 2013, 00:57:58 UTC+2, Chris Hinds a scris:

Hey,

I've got a project where models, forms and templates are all generated from a single yaml file. It works well here as the forms are long, with a fair amount of layout and plenty of formsets. 

I'm doing a refactor at the moment which should yield some reusable bits. I'd be very happy to share.

In general terms for model/form construction, I transform the original spec it to something that jsonpickle can deliver into type().

Can talk more if this sounds at all interesting.

Cheers

Chris.

On Thursday, January 24, 2013 8:02:53 PM UTC, Adrian Andreias wrote:

[Adrian Andreias]

Hi Leonardo,

I was talking about something I want to implement (or looking for a 3rd party implementation), not a standard Django feature.

Users would define forms in format they input, which in turn will be used to generate forms displayed in browser for other users.

If I allow users to input Python code they might input anything they like, for instance they might add in their Python code subprocess.Popen("rm -rf /*") :D.

This is an obvious security no-no, regardless of language or framework.