Does Django render JS on server side? - django

I know that Django has default config of SSR (server-side rendering) but all the articles I have gone through mention that the Django-forms are rendered on server side and then sent to the browser. No specific information on the use case when javascript is mixed in the template.
I want to know if I use jquery tables in my Django template. Does that still render on server side? If yes then how does it render Javascript/jquery on the server-side?
I'd be glad if someone corrects me if my question itself has invalid argument.

JavaScript is for browsers so it doesn't matter if you write it in your template or add a link to it. The only way to render JS on the server-side is to actually have an engine doing that for you which Django doesn't.
What Django's template engine does is it will render the template based on the tags and HTML you provided and sends a valid HTML to the user containing the js code or js files alongside CSS and then browser runs those js and CSS codes and renders the final webpage.

Related

Is there a way in django to update the same page with the response without totally rendering it?

Is there a way in django to update the same page with the response without totally rendering it. I am trying to create a code editor to test. But when I am returning the results my contents are removed. I understand it is because I am rendering the page . I need the contents to retain. How can I do it using redirect? I am including the render statement I used and a screenshot of how it looks here:
Steps:
Handle post request
Program execution code
Save the result in a variable called "message". Then I used
return render(request, 'editor.html', {'message': message})
I want to redirect the message to the same page without rendering a new page.
[Before submission][1]
[After submission][2]
[1]: https://i.stack.imgur.com/BxoLU.png
[2]: https://i.stack.imgur.com/uiEOU.png
Any help will be appreciated. Thank you.
it is possible. using ajax in front-end and render or render_to_string in back-end(Django). using ajax you're able to call a url (with/without data you want to send), then in the views.py you can do anything needed and return render(request,'template.html, context). then in ajax you have success: function (res) { $('#id_of_element').append(res)}. this function in ajax will append the recived response which is a rendered HTML template to the target element.
For that, you have to switch to a different web software paradigm called "single page application", which implies that both, backend and frontend, are functional software components on their own, instead of having a "dumb" HTML frontend that only displays what the backend renders.
In a regular web application, the front end is served from a backend with all the information that is going to display. In a Single Page Application, the front end is served by a server independent of the backend server, and the frontend and backend interact through an API served by the backend.
With this architecture, the frontend component is responsible for requesting and providing data from and to the backend, as well as for displaying the data and getting user's interaction, and the mean for interchanging data with the backend is called an ajax, that is an asynchronous request.
The only language accepted by web browsers is javascript, but there are many frameworks and second level languages that can render a javascript application, like React, Angular, Vue, and many others.

For development purpose, how can I open a Django Jinjia2 template in browser with preliminary rendering (extending, including)?

Problem description
I am starting working on a Django project and the server-side rendering template is a little hard to work with. Usually I develop the front-end application with hot module reload server so that I can see the rendered page during development.
However, for Django project I can only view the site by serving and open from browser. If I open the template directly, the include, extends are not processed, hence CSS and JavaScript are not loaded in the base template.
My question is, is there any tool or workflow that can help develop the Django template in offline so that the style and layout can be rendered properly during development?
Edit: justification
As comment mentioned there are some plugins that supports reload the Django page. However, I would like to know whether it is possible to work with the template HTML totally off the Django server, i.e. work with the html static page? There are some scenarios where I feel it is not suitable:
A page that refreshes slowly: e.g., slow database query before the page can be rendered.
A template that is not accessible normally: e.g., a part of html inside {% if %} that is not normally accessible, such as an error message.
A template that is not yet registered in the urlpatterns routes.
Thank you

How to properly secure asp.net core 3.1 app from XSS attack and display HTML using #Html.Raw()

I have an Asp.Net Core 3.1 razor page app. I'm receiving HTML content from user and that will be displayed back in the browser. It's kind of blog like app where my end user will be given a WYSIWYG editor and then the HTML from user will be encoded and saved in database.
Now when the blog page is requested, I need to decode the HTML content back and display in browser. This make my site vulnerable to XSS attack.
Here is my HTML from user,
<p>blog 5</p><script>alert()</script>
I encode this and save in database,
<p>blog 5</p><script>alert()</script>
Now to render the same,
#Html.Raw(System.Net.WebUtility.HtmlDecode(Model.Blog.Content))
When the page gets rendered it shows javascript alert() box.
if I don`t decode then html string is displayed,
#Html.Raw(Model.Blog.Content)
as shown below,
<p>blog 5</p><script>alert()</script>
I'm confused. Am I doing something wrong here? Please assist and correct me. I need the html to be safe and also it has to display as html in browser than as html string output.
I would recommend using an HTML sanitizer library. One of the more popular ones for .NET is:
https://github.com/mganss/HtmlSanitizer
It is available on Nuget:
https://www.nuget.org/packages/HtmlSanitizer/
This will allow you to whitelist the tags that you want to allow. See the wiki for additional documentation and examples.

Django internal requests

I have project in Django with already written pages. I want to rewrite some of them and put html content using Ajax in Modal window from Twitter Bootstrap. These pages should be internal(access from browser should be forbidden). Is it possible in Django?
You can check request.is_ajax() in the view and send back a different template. I usually do this with passing in a different context variable for the base template that doesn't show any of the usual header, footer, etc. content.

How to include a small and lightweight standalone application inside a web page in django?

I need to add a currency converter and a calculator to my website that runs on the client side.
something similar to a servlet in java.
Adding a client-side "whatever" to a django project is no different than adding an image, or a video, or anything else. Django doesn't particularly care what you put into your templates. It simply renders the templates server-side to parse your template language code, and then serves up a normal web page to the client.
So the answer to your question is... Do whatever you would normally do in an html page to embed your chosen solution into the page.
The only django-specific issues here could be how to source the path to the media using template tags, which is also no different than sourcing static content like images, javascript, and css. You can read more about that on the django docs: Managing static files