Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
branch: master
Fetching contributors…

Cannot retrieve contributors at this time

81 lines (57 sloc) 2.656 kb

Features

This is a work in progress feature list of Playdoh.

For a list of useful libraries (bundled with playdoh or not), check out :ref:`libraries <libs>`.

The base: Django

At the time of writing, Playdoh is based on Django 1.3.

Enhancements:

  • jinja2 instead of Django's built-in templating system
  • some helper utils called jingo to tie it into Django.

Scalability

Playdoh's enhancements to raise django apps' scalability:

  • jingo-minify for bundling and minifying CSS and JS assets.

Security

"Secure by default" policy. Security enhancements applied:

  • X-Frame-Options: Deny (part of commonware) set on all responses unless opted out per response.
  • Stronger password hashing for Django's built-in auth system. Default: sha512. Recommendation: bcrypt + HMAC.
  • secure=True and httponly=True :ref:`enabled by default <cookies>` on all cookies set through django's cookie facility, opt-out possible by cookie. (part of commonware).
  • Greatly reduced the need for the use of :ref:`|safe <safe>` in templates, to minimize opportunities for XSS vulnerabilities. The |fe() helper is part of jingo, and django_safeforms is a nugget.
  • bleach library bundled for secure-by-default, but heavily customizable HTML sanitization of user input.
  • Used django-session-csrf to replace Django's built-in, cookie-based CSRF method with a common, session-based method. This mitigates the risk of cookie forging attacks.

Localization

Advanced Localization (L10n) tool chain, focusing on localizable web apps by default.

Tools and enhancements:

  • jinja2's integrated L10n extension based on Babel.
  • Enhanced string extraction tools and template tags through tower.
  • LocaleURLMiddleware, detecting user's preferred content locale and sticking it into the URL: example.com/en-US/stuff.

Testing

Django's built-in test framework. Enhancements:

Jump to Line
Something went wrong with that request. Please try again.