Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'master' into first-request-decorator
Conflicts: flask/app.py
- Loading branch information
Showing
69 changed files
with
2,244 additions
and
556 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
language: python | ||
|
||
python: | ||
- 2.5 | ||
- 2.6 | ||
- 2.7 | ||
- pypy | ||
|
||
before_install: pip install simplejson | ||
|
||
script: python setup.py test | ||
|
||
branches: | ||
except: | ||
- website |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
.. _advanced_foreword: | ||
|
||
Foreword for Experienced Programmers | ||
==================================== | ||
|
||
Thread-Locals in Flask | ||
---------------------- | ||
|
||
One of the design decisions in Flask was that simple tasks should be simple; | ||
they should not take a lot of code and yet they should not limit you. Because | ||
of that, Flask has few design choices that some people might find surprising or | ||
unorthodox. For example, Flask uses thread-local objects internally so that you | ||
don’t have to pass objects around from function to function within a request in | ||
order to stay threadsafe. This approach is convenient, but requires a valid | ||
request context for dependency injection or when attempting to reuse code which | ||
uses a value pegged to the request. The Flask project is honest about | ||
thread-locals, does not hide them, and calls out in the code and documentation | ||
where they are used. | ||
|
||
Develop for the Web with Caution | ||
-------------------------------- | ||
|
||
Always keep security in mind when building web applications. | ||
|
||
If you write a web application, you are probably allowing users to register | ||
and leave their data on your server. The users are entrusting you with data. | ||
And even if you are the only user that might leave data in your application, | ||
you still want that data to be stored securely. | ||
|
||
Unfortunately, there are many ways the security of a web application can be | ||
compromised. Flask protects you against one of the most common security | ||
problems of modern web applications: cross-site scripting (XSS). Unless you | ||
deliberately mark insecure HTML as secure, Flask and the underlying Jinja2 | ||
template engine have you covered. But there are many more ways to cause | ||
security problems. | ||
|
||
The documentation will warn you about aspects of web development that require | ||
attention to security. Some of these security concerns are far more complex | ||
than one might think, and we all sometimes underestimate the likelihood that a | ||
vulnerability will be exploited - until a clever attacker figures out a way to | ||
exploit our applications. And don't think that your application is not | ||
important enough to attract an attacker. Depending on the kind of attack, | ||
chances are that automated bots are probing for ways to fill your database with | ||
spam, links to malicious software, and the like. | ||
|
||
Flask is no different from any other framework in that you the developer must | ||
build with caution, watching for exploits when building to your requirements. | ||
|
||
The Status of Python 3 | ||
---------------------- | ||
|
||
Currently the Python community is in the process of improving libraries to | ||
support the new iteration of the Python programming language. While the | ||
situation is greatly improving there are still some issues that make it | ||
hard for us to switch over to Python 3 just now. These problems are | ||
partially caused by changes in the language that went unreviewed for too | ||
long, partially also because we have not quite worked out how the lower- | ||
level API should change to account for the Unicode differences in Python 3. | ||
|
||
Werkzeug and Flask will be ported to Python 3 as soon as a solution for | ||
the changes is found, and we will provide helpful tips how to upgrade | ||
existing applications to Python 3. Until then, we strongly recommend | ||
using Python 2.6 and 2.7 with activated Python 3 warnings during | ||
development. If you plan on upgrading to Python 3 in the near future we | ||
strongly recommend that you read `How to write forwards compatible | ||
Python code <http://lucumr.pocoo.org/2011/1/22/forwards-compatible-python/>`_. | ||
|
||
Continue to :ref:`installation` or the :ref:`quickstart`. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.