This is a work in progress feature list of Playdoh.
For a list of useful libraries (bundled with Playdoh or not), see the libraries page.
At the time of writing, Playdoh is based on Django 1.3.
Templating enhancements:
- Jinja2 instead of Django's built-in templating system.
- jingo, a set of helper utilities that tie Jinja2 into Django.
Scalability enhancements for Django apps:
- jingo-minify for bundling and minifying CSS and JS assets.
"Secure by default" policy. Security enhancements applied:
- X-Frame-Options: DENY (part of commonware) set on all responses unless opted out per response.
- Stronger password hashing for Django's built-in auth system. Default: sha512. Recommendation: bcrypt + HMAC.
- secure=True and httponly=True enabled by default on all cookies set through Django's cookie facility; opt-out possible per cookie (part of commonware).
- Greatly reduced need for |safe in templates, to minimize opportunities for XSS vulnerabilities. The |fe() helper (which escapes its arguments before marking the formatted result safe) is part of jingo, and django_safeforms is a nugget.
- bleach library bundled for secure-by-default, but heavily customizable, HTML sanitization of user input.
- django-session-csrf replaces Django's built-in, cookie-based CSRF protection with a common, session-based token. This mitigates the risk of cookie forging attacks.
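The |safe versus |fe() point above is easiest to see in code. The following is an added example written for this page, not jingo's own implementation: it uses only the standard library, with html.escape standing in for Jinja2's escaping and a small Markup class standing in for markupsafe.Markup (the class name and the fe/unsafe_format/render function names are this example's own). The USER_NAME and GREETING values are constructed sample input.

```python
"""Escape-then-format (the |fe pattern) versus format-then-trust (the |safe pattern)."""
from html import escape


class Markup(str):
    """Marker type for a string that is already safe to emit into HTML.
    Assumption: plays the role of markupsafe.Markup, not its full API."""

    def __html__(self):
        return str(self)


def escape_html(value):
    """Escape anything not already marked safe; leave Markup untouched."""
    if isinstance(value, Markup):
        return value
    return Markup(escape(str(value), quote=True))


def fe(fmt, *args, **kwargs):
    """Format fmt with *escaped* arguments and mark the result safe.

    The literal parts of fmt are developer-controlled markup and pass through
    unescaped; every interpolated value (possibly user-controlled) is escaped
    first. This is the contract the page attributes to jingo's |fe().
    """
    args = [escape_html(a) for a in args]
    kwargs = {k: escape_html(v) for k, v in kwargs.items()}
    return Markup(fmt.format(*args, **kwargs))


def unsafe_format(fmt, *args, **kwargs):
    """The |safe anti-pattern: format first, then trust the whole string."""
    return Markup(fmt.format(*args, **kwargs))


def render(value):
    """Simulate Jinja2 autoescaping: safe strings are emitted as-is, all others escaped."""
    return str(escape_html(value))


# Constructed sample input: a user-supplied display name carrying an XSS payload.
USER_NAME = '<img src=x onerror=alert(1)>'
GREETING = '<strong>Hello, {}!</strong>'

if __name__ == "__main__":
    print(render(unsafe_format(GREETING, USER_NAME)))  # payload survives
    print(render(fe(GREETING, USER_NAME)))             # markup kept, payload neutralised
    print(render(GREETING.format(USER_NAME)))          # autoescape also kills the intended <strong>
```

The third line shows why developers reach for |safe in the first place: with autoescaping on, formatting first destroys the intended markup, so the temptation is to mark the whole string safe. fe() removes that temptation by escaping only the interpolated values.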
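The cookie forging risk behind the switch to django-session-csrf, shown as an added example for this page (not django-session-csrf's code). The Request class, the in-memory SESSIONS store, the two check functions and the attacker scenario are all constructed stand-ins; the assumption is an attacker who can plant a cookie for the site (for example from a sibling subdomain, or over plain HTTP when the cookie is not marked Secure) but cannot read the victim's server-side session.

```python
"""Cookie-only CSRF token check versus a session-bound check."""
import hmac
import secrets


class Request:
    """Minimal stand-in for an HTTP POST: cookies, form fields and the session key."""

    def __init__(self, cookies, post, session_key=None):
        self.COOKIES = dict(cookies)
        self.POST = dict(post)
        self.session_key = session_key


# Server-side session store (session key -> dict). Out of the attacker's reach.
SESSIONS = {}


def new_session():
    key = secrets.token_urlsafe(32)
    SESSIONS[key] = {}
    return key


def csrf_check_cookie_scheme(request):
    """Cookie-based check: the form token must equal the csrftoken cookie.

    Whoever can set a cookie for the site chooses both values, so the check
    passes without any knowledge of the victim's state.
    """
    cookie = request.COOKIES.get("csrftoken", "")
    form = request.POST.get("csrfmiddlewaretoken", "")
    return bool(cookie) and hmac.compare_digest(cookie, form)


def issue_session_token(session_key):
    """Store a fresh random token in the server-side session and return it
    so the template can embed it in the form."""
    token = secrets.token_hex(16)
    SESSIONS[session_key]["csrf_token"] = token
    return token


def csrf_check_session_scheme(request):
    """Session-based check: the form token must equal the token held
    server-side for this session. A forged cookie carries no weight because
    the reference value never lives in a cookie."""
    session = SESSIONS.get(request.session_key or "", {})
    expected = session.get("csrf_token")
    form = request.POST.get("csrfmiddlewaretoken", "")
    return expected is not None and hmac.compare_digest(expected, form)


def attacker_forged_request(victim_session_key):
    """The victim's browser sends its real session cookie plus an attacker-planted
    csrftoken cookie and a matching form field (constructed scenario)."""
    forged = "attacker-chosen-value"
    return Request(
        cookies={"sessionid": victim_session_key, "csrftoken": forged},
        post={"csrfmiddlewaretoken": forged},
        session_key=victim_session_key,
    )


def legitimate_request(session_key):
    token = SESSIONS[session_key]["csrf_token"]
    return Request(
        cookies={"sessionid": session_key},
        post={"csrfmiddlewaretoken": token},
        session_key=session_key,
    )


def demo():
    sid = new_session()
    issue_session_token(sid)
    forged = attacker_forged_request(sid)
    legit = legitimate_request(sid)
    return {
        "cookie_scheme_accepts_forgery": csrf_check_cookie_scheme(forged),
        "session_scheme_accepts_forgery": csrf_check_session_scheme(forged),
        "session_scheme_accepts_legit": csrf_check_session_scheme(legit),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Both checks use hmac.compare_digest so that the comparison itself does not leak the token through timing; the difference that matters is where the reference value is kept.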
Advanced Localization (L10n) tool chain, focusing on localizable web apps by default.
Tools and enhancements:
- Jinja2's integrated i18n extension, backed by Babel.
- Enhanced string extraction tools and template tags through tower.
- LocaleURLMiddleware, which detects the user's preferred content locale and puts it into the URL, e.g. example.com/en-US/stuff.
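The locale-in-URL behaviour described above, written out as an added example for this page. It is not Playdoh's LocaleURLMiddleware; the SUPPORTED_LOCALES list, the header values and the function names are this example's own assumptions. The point worth noticing is that the redirect target is always built from the allowlist, never from the raw header, so a hostile Accept-Language value cannot steer the redirect anywhere but a known locale prefix.

```python
"""Negotiate a supported locale from Accept-Language and prefix it onto the path."""

SUPPORTED_LOCALES = ("en-US", "de", "fr", "pt-BR")   # assumption: the site's locale list
DEFAULT_LOCALE = "en-US"


def parse_accept_language(header):
    """Return language tags from an Accept-Language header, best quality first.

    Malformed q values count as 0 so a garbage header selects nothing; '*'
    is dropped because it names no locale; earlier entries win ties.
    """
    ranges = []
    for pos, part in enumerate(header.split(",")):
        part = part.strip()
        if not part:
            continue
        tag, _, params = part.partition(";")
        tag = tag.strip()
        q = 1.0
        for param in params.split(";"):
            name, _, value = param.strip().partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value)
                except ValueError:
                    q = 0.0
        if tag and tag != "*" and q > 0:
            ranges.append((q, -pos, tag))
    ranges.sort(reverse=True)
    return [tag for _, _, tag in ranges]


def find_supported_locale(header, supported=SUPPORTED_LOCALES, default=DEFAULT_LOCALE):
    """Best supported locale: exact (case-insensitive) match first, then a
    language-only fallback (de-AT -> de), otherwise the default."""
    lookup = {loc.lower(): loc for loc in supported}
    by_language = {}
    for loc in supported:
        by_language.setdefault(loc.split("-")[0].lower(), loc)
    for tag in parse_accept_language(header):
        tag_l = tag.lower()
        if tag_l in lookup:
            return lookup[tag_l]
        language = tag_l.split("-")[0]
        if language in by_language:
            return by_language[language]
    return default


def locale_from_path(path, supported=SUPPORTED_LOCALES):
    """If the first path segment is a supported locale, return (locale, rest_of_path)."""
    segments = path.split("/", 2)      # '/en-US/stuff' -> ['', 'en-US', 'stuff']
    if len(segments) >= 2:
        lookup = {loc.lower(): loc for loc in supported}
        loc = lookup.get(segments[1].lower())
        if loc:
            rest = "/" + segments[2] if len(segments) == 3 else "/"
            return loc, rest
    return None, path


def locale_redirect(path, accept_language):
    """Path to redirect to (locale-prefixed), or None if the path already
    carries a supported locale prefix. The prefix always comes from the
    allowlist, never from header text."""
    locale, _ = locale_from_path(path)
    if locale is not None:
        return None
    return "/%s%s" % (find_supported_locale(accept_language), path)


if __name__ == "__main__":
    print(locale_redirect("/stuff", "de-AT,de;q=0.8,en;q=0.5"))
    print(locale_redirect("/en-US/stuff", "de"))
```

Only the canonical spelling from SUPPORTED_LOCALES ever appears in a URL, so /pt-br/stuff and /pt-BR/stuff are recognised as the same locale on the way in but emitted consistently on the way out.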
Testing uses Django's built-in test framework. Enhancements:
- django-nose, a test runner that uses nose.