python(Django之组合搜索、JSONP、XSS过滤 )
一、组合搜索
二、jsonp
三、xss过滤
一、组合搜索
首先,我们在做一个门户网站的时候,前端肯定是要进行搜索的,但是如果搜索的类型比较多的话,怎么做才能一目了然的,这样就引出了组合搜索的这个案例。
urls.py
from django.conf.urls import url
from . import views urlpatterns = [
url(r'^index.html/$',views.index),
url(r'^article/(?P<article_type>\d+)-(?P<category>\d+).html/$',views.article)
]
html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
<style>
.condition a{
display:inline-block;
padding: 3px 5px;
border: 1px solid black;
}
.condition a.active{
background-color: brown;
}
</style>
</head>
<body>
<h2>过滤条件</h2> <div class="condition">
{% if kwargs.article_type == 0 %}
<a href="/article/0-{{ kwargs.category }}.html" class="active">全部</a>
{% else %}
<a href="/article/0-{{ kwargs.category }}.html">全部</a>
{% endif %} {% for row in article_type %}
{% if row.id == kwargs.article_type %}
<a class="active" href="/article/{{ row.id }}-{{ kwargs.category }}.html">{{ row.caption }}</a>
{% else %}
<a href="/article/{{ row.id }}-{{ kwargs.category }}.html">{{ row.caption }}</a>
{% endif %}
{% endfor %}
</div> <div class="condition">
{% if kwargs.category == 0 %}
<a class="active" href="/article/{{ kwargs.article_type }}-0.html">全部</a>
{% else %}
<a href="/article/{{ kwargs.article_type }}-0.html">全部</a>
{% endif %} {% for row in category %}
{% if row.id == kwargs.category %}
<a class="active" href="/article/{{ kwargs.article_type }}-{{ row.id }}.html">{{ row.caption }}</a>
{% else %}
<a href="/article/{{ kwargs.article_type }}-{{ row.id }}.html">{{ row.caption }}</a>
{% endif %}
{% endfor %}
</div> <h2>查询结果</h2>
<ul>
{% for row in articles %}
<li>{{ row.id }}-{{ row.title }}------[{{ row.article_type.caption }}]-[{{ row.category.caption }}]</li>
{% endfor %}
</ul>
</body>
</html> article.html
数据库结构:
from django.db import models # Create your models here. class Categoery(models.Model):
caption = models.CharField(max_length=16) class ArticleType(models.Model):
caption = models.CharField(max_length=16) class Article(models.Model): title = models.CharField(max_length=32)
content = models.CharField(max_length=255) category = models.ForeignKey(Categoery)
article_type = models.ForeignKey(ArticleType)
处理文件:
from . import models
def article(request,*args,**kwargs): search_dict = {}
for key,value in kwargs.items():
kwargs[key] = int(value) # 把字符类型转化为int类型 方便前端做if a == b 这样的比较
if value !='':
search_dict[key] = value
articles = models.Article.objects.filter(**search_dict) # 字典为空时表示搜索所有 article_type = models.ArticleType.objects.all()
category = models.Categoery.objects.all() return render(request,'article.html',{'articles':articles,
'article_type':article_type,
'category':category ,
'kwargs':kwargs})
访问的url访问路径格式http://127.0.0.1:8000/article/0-0.html ,第一个0表示article_type字段,第二个0表示category字段,如果为零时,表示搜索此字段全部信息,第二个关键点是生成字典search_dict进行相关的搜索,如果是0表示搜索全部;第三个关键点,也是很巧妙的一个方式,把参数kwargs再次传到前端!
3、simple_tag优化 上面的功能:
数据库文件:
from django.db import models
# Create your models here.
class Categoery(models.Model):
caption = models.CharField(max_length=16) class ArticleType(models.Model):
caption = models.CharField(max_length=16) class Article(models.Model):
title = models.CharField(max_length=32)
content = models.CharField(max_length=255) category = models.ForeignKey(Categoery)
article_type = models.ForeignKey(ArticleType)
# type_choice = [
# (1,'Python'),
# (2,'Linux'),
# (3,'大数据'),
# (4,'架构'),
# ]
# article_type_id = models.IntegerField(choices=type_choice)
后台处理:
from django.shortcuts import render
from django.shortcuts import HttpResponse # Create your views here. def index(request): return HttpResponse('Ok') from . import models
def article(request, *args, **kwargs):
search_dict = {}
for key, value in kwargs.items():
kwargs[key] = int(value) # 把字符类型转化为int类型 方便前端做if a == b 这样的比较
if value != '':
search_dict[key] = value
articles = models.Article.objects.filter(**search_dict) # 字典为空时表示搜索所有 article_type = models.ArticleType.objects.all() print(article_type)
category = models.Categoery.objects.all() return render(request, 'article.html', {'articles': articles,
'article_type': article_type,
'category': category,
'kwargs': kwargs})
Views.py
{% load filter %}
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
<style>
.condition a{
display:inline-block;
padding: 3px 5px;
border: 1px solid black;
}
.condition a.active{
background-color: brown;
}
</style>
</head>
<body>
<h2>过滤条件</h2>
<div class="condition">
{% filter_all kwargs 'article_type'%} {% filter_single article_type kwargs 'article_type'%}
</div>
<div class="condition">
{% filter_all kwargs 'category'%}
{% filter_single category kwargs 'category'%}
</div> <h2>查询结果</h2>
<ul>
{% for row in articles %}
<li>{{ row.id }}-{{ row.title }}------[{{ row.article_type.caption }}]-[{{ row.category.caption }}]</li>
{% endfor %}
</ul>
</body>
</html>
article.html
创建templatetags目录,在目录下创建filter.py文件
from django import template
from django.utils.safestring import mark_safe
register = template.Library() @register.simple_tag
def filter_all(kwargs,type_str):
print(type_str)
if type_str == 'article_type':
if kwargs['article_type'] == 0:
tmp = '<a href = "/article/0-%s.html" class ="active" > 全部 </a>'%(kwargs['category'])
else:
tmp = '<a href = "/article/0-%s.html"> 全部 </a>'%(kwargs['category']) elif type_str == 'category':
if kwargs['category'] == 0:
tmp = '<a href = "/article/%s-0.html" class ="active" > 全部 </a>' % (kwargs['article_type'])
else:
tmp = '<a href = "/article/%s-0.html"> 全部 </a>' % (kwargs['article_type']) return mark_safe(tmp) @register.simple_tag()
def filter_single(type_obj,kwargs,type_str): print(type_str)
tmp = ''
if type_str == 'article_type':
for row in type_obj:
if row.id == kwargs['article_type']:
tag = '<a class="active" href="/article/%s-%s.html">%s</a>\n'%(row.id,kwargs['category'],row.caption)
else:
tag = '<a href="/article/%s-%s.html">%s</a>\n' % (row.id, kwargs['category'],row.caption)
tmp +=tag
elif type_str == 'category':
for row in type_obj:
if row.id == kwargs['category']:
tag = '<a class="active" href="/article/%s-%s.html">%s</a>\n' % (kwargs['article_type'],row.id, row.caption)
else:
tag = '<a href="/article/%s-%s.html">%s</a>\n' % (kwargs['article_type'], row.id, row.caption)
tmp += tag return mark_safe(tmp)
filter.py
{% load filter %}
<body>
<h2>过滤条件</h2>
<div class="condition">
{% filter_all kwargs 'article_type'%} {% filter_single article_type kwargs 'article_type'%}
</div>
<div class="condition">
{% filter_all kwargs 'category'%}
{% filter_single category kwargs 'category'%}
</div> <h2>查询结果</h2>
<ul>
{% for row in articles %}
<li>{{ row.id }}-{{ row.title }}------[{{ row.article_type.caption }}]-[{{ row.category.caption }}]</li>
{% endfor %}
</ul>
</body>
article.html
二、jsonp
JSONP(JSON with Padding)是JSON的一种“使用模式”,可用于解决主流浏览器的跨域数据访问的问题。由于同源策略,一般来说位于 server1.example.com 的网页无法与不是 server1.example.com的服务器沟通,而 HTML 的<script> 元素是一个例外。利用 <script> 元素的这个开放策略,网页可以得到从其他来源动态产生的 JSON 资料,而这种使用模式就是所谓的 JSONP。用 JSONP 抓到的资料并不是 JSON,而是任意的JavaScript,用 JavaScript 直译器执行而不是用 JSON 解析器解析。
原理:
- - 创建script标签
- - src=远程地址
- - 返回的数据必须是js格式
- - 只能发GET请求
1、什么是同源策略?
import requests
def jsonp(request):
# 获取url信息
response = requests.get('http://weatherapi.market.xiaomi.com/wtr-v2/weather?cityId=101121301')
response.encoding = 'utf-8' # 进行编码 return render(request,'jsonp.html',{'result':response.text}) # response.text 请求内容
处理文件
<body>
<h1>后台获取的结果</h1>
{{ result }}
<h1>js直接获取结果</h1>
<input type="button" value="获取数据" onclick="getContent();" />
<div id="container"></div>
<script src="/static/jquery-1.8.2.js"></script>
<script>
function getContent() {
var xhr = new XMLHttpRequest(); // 创建对象
xhr.open('GET', 'http://weatherapi.market.xiaomi.com/wtr-v2/weather?cityId=101121301'); // GET方式打开
xhr.onreadystatechange = function () { // 收到返回值时执行
console.log(xhr.responseText);
};
xhr.send() // 发送
}
</script>
</body>
html
点击js直接获取结果时,浏览器显示下面报错信息,由于浏览器只接受http://127.0.0.1:8000发过来的信息,对于天气网站发过来的信息直接屏蔽掉了,这就是同源策略,解决办法如下:
XMLHttpRequest cannot load http://weatherapi.market.xiaomi.com/wtr-v2/weather?cityId=101121301. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
利用script标签src属性
注意:script标签不受同源策略的影响
import requests
def jsonp(request):
# 获取url信息
response = requests.get('http://weatherapi.market.xiaomi.com/wtr-v2/weather?cityId=101121301')
response.encoding = 'utf-8' # 进行编码 return render(request,'jsonp.html',{'result':response.text}) # response.text 请求内容 def jsonp_api(request):
return HttpResponse('alert(123)')
处理文件
<body>
<h1>后台获取的结果</h1>
{{ result }}
<h1>js直接获取结果</h1>
<input type="button" value="获取数据" onclick="getContent();" />
<div id="container"></div>
<script>
function getContent() {
var tag = document.createElement('script');
tag.src = '/jsonp_api.html';
document.head.appendChild(tag);
// document.head.removeChild(tag);
}
</script>
</body>
html文件
注:js请求时为了方便,请求的还是当前程序url;点击按钮后alert弹出了另外一个函数的处理结果,表明script获取信息成功
对上面的处理文件稍加改动
def jsonp(request): return render(request,'jsonp.html') # response.text 请求内容 def jsonp_api(request):
func = request.GET.get('callback') # 获取用户callback参数
content = '%s(10000)'%func # 执行func(10000)函数 return HttpResponse(content)
处理文件
<body>
<h1>后台获取的结果</h1>
{{ result }}
<h1>js直接获取结果</h1>
<input type="button" value="获取数据" onclick="getContent();" />
<div id="container"></div>
<script>
function getContent() {
var tag = document.createElement('script');
tag.src = '/jsonp_api.html?callback=list'; // 自定义callback参数,与后台达成默契
document.head.appendChild(tag);
// document.head.removeChild(tag);
}
function list(arg){ // 自定义函数与callback=list相对应
alert(arg);
}
</script>
</body>
html
js发请求时,带上callback参数,然后定义参数对应的方法,后台会把数据传入此方法内并且执行执行;至于要打印还是弹框,就看用户自己的需求去处理了;jsonp的原理和实现过程就是上述代码的实现
加上ajax:
import requests
def jsonp(request):
response = requests.get('http://www.jxntv.cn/data/jmd-jxtv2.html?callback=list&_=1454376870403')
response.encoding = 'utf-8' # 进行编码 return render(request, 'jsonp.html', {'result': response.text}) # response.text 请求内容
处理文件
<body>
<h1>后台获取的结果</h1>
{{ result }}
<h1>js直接获取结果</h1>
<input type="button" value="获取数据" onclick="getContent();" />
<div id="container"></div>
<script src="/static/jquery-1.8.2.js"></script>
<script>
function getContent() {
$.ajax({
url: 'http://www.jxntv.cn/data/jmd-jxtv2.html?callback=list&_=1454376870403',
type: 'POST',
dataType: 'jsonp', // 即使写的type是POST也是按照GET请求发送
jsonp: 'callback',
jsonpCallback: 'list'
});
} function list(arg){ // 自定义函数与callback=list相对应
console.log(arg);
var data = arg['data'];
for(k in data){
var tr = document.createElement('td');
var week = data[k]['week'];
var list = data[k]['list'];
tr.textContent =week
document.body.appendChild(tr);
console.log(week);
for(i in list){
var name = list[i]['name'];
console.log(name)
}}}
</script>
</body>
html
list({data:[ { "week":"周日", "list":[ { "time":"", "name":"通宵剧场六集连播", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市现场》60分钟精编版(重播)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《快乐生活一点通》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《e早晨报》60分钟直播版块", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"精选剧场四集连播", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《地宝当家》(重播)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市60分》60分钟直播版块", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《谁是赢家》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"女性剧场三集连播", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《快乐生活一点通》精编版", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《地宝当家》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市现场》90分钟直播版块", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市情缘》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《晚间800》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市剧场》黄金剧(第1集)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市剧场》黄金剧(第2集)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《拍案》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"江西新闻联播(重播)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"都市晚剧场", "link":"http://www.jxntv.cn/live/jxtv2.shtml" } ] }, { "week":"周一", "list":[ { "time":"", "name":"通宵剧场六集连播", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市现场》60分钟精编版(重播)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《快乐生活一点通》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《e早晨报》60分钟直播版块", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"精选剧场四集连播", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《地宝当家》(重播)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市60分》60分钟直播版块", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《谁是赢家》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"女性剧场三集连播", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《快乐生活一点通》精编版", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《地宝当家》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市现场》90分钟直播版块", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市情缘》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《晚间800》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市剧场》黄金剧(第1集)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市剧场》黄金剧(第2集)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《拍案》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"江西新闻联播(重播)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"都市晚剧场", "link":"http://www.jxntv.cn/live/jxtv2.shtml" } ] },{ "week":"周二", "list":[ { "time":"", "name":"通宵剧场六集连播", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市现场》60分钟精编版(重播)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《快乐生活一点通》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《e早晨报》60分钟直播版块", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"精选剧场四集连播", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《地宝当家》(重播)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市60分》60分钟直播版块", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《谁是赢家》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"女性剧场三集连播", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《快乐生活一点通》精编版", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《地宝当家》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市现场》90分钟直播版块", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市情缘》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《晚间800》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市剧场》黄金剧(第1集)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市剧场》黄金剧(第2集)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《拍案》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"江西新闻联播(重播)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"都市晚剧场", "link":"http://www.jxntv.cn/live/jxtv2.shtml" } ] },{ "week":"周三", "list":[ { "time":"", "name":"通宵剧场六集连播", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市现场》60分钟精编版(重播)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《快乐生活一点通》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《e早晨报》60分钟直播版块", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"精选剧场四集连播", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《地宝当家》(重播)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市60分》60分钟直播版块", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《谁是赢家》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"女性剧场三集连播", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《快乐生活一点通》精编版", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《地宝当家》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市现场》90分钟直播版块", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市情缘》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《晚间800》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市剧场》黄金剧(第1集)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市剧场》黄金剧(第2集)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《拍案》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"江西新闻联播(重播)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"都市晚剧场", "link":"http://www.jxntv.cn/live/jxtv2.shtml" } ] },{ "week":"周四", "list":[ { "time":"", "name":"通宵剧场六集连播", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市现场》60分钟精编版(重播)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《快乐生活一点通》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《e早晨报》60分钟直播版块", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"精选剧场四集连播", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《地宝当家》(重播)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市60分》60分钟直播版块", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《谁是赢家》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"女性剧场三集连播", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《快乐生活一点通》精编版", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《地宝当家》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市现场》90分钟直播版块", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市情缘》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《晚间800》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市剧场》黄金剧(第1集)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市剧场》黄金剧(第2集)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《拍案》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"江西新闻联播(重播)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"都市晚剧场", "link":"http://www.jxntv.cn/live/jxtv2.shtml" } ] },{ "week":"周五", "list":[ { "time":"", "name":"通宵剧场六集连播", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市现场》60分钟精编版(重播)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《快乐生活一点通》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《e早晨报》60分钟直播版块", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"精选剧场四集连播", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《地宝当家》(重播)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市60分》60分钟直播版块", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《谁是赢家》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"女性剧场三集连播", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《快乐生活一点通》精编版", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《地宝当家》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市现场》90分钟直播版块", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市情缘》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《晚间800》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市剧场》黄金剧(第1集)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市剧场》黄金剧(第2集)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《拍案》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"江西新闻联播(重播)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"都市晚剧场", "link":"http://www.jxntv.cn/live/jxtv2.shtml" } ] },{ "week":"周六", "list":[ { "time":"", "name":"通宵剧场六集连播", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市现场》60分钟精编版(重播)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《快乐生活一点通》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《e早晨报》60分钟直播版块", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"精选剧场四集连播", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《地宝当家》(重播)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市60分》60分钟直播版块", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《谁是赢家》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"女性剧场三集连播", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《快乐生活一点通》精编版", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《地宝当家》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市现场》90分钟直播版块", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市情缘》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《晚间800》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市剧场》黄金剧(第1集)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《都市剧场》黄金剧(第2集)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"《拍案》", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"江西新闻联播(重播)", "link":"http://www.jxntv.cn/live/jxtv2.shtml" }, { "time":"", "name":"都市晚剧场", "link":"http://www.jxntv.cn/live/jxtv2.shtml" } ] }] });
获取到的网站最近栏目信息
三、xss过滤
分析:
例如,我们在博客网站发表了一篇论文,结果这里面有很多我们写的代码,那为什么浏览器不会把我们写的代码处理呢,而是当做一个纯字符串处理。还有就是总有人评论的时候想搞点xss攻击,那浏览器又是怎么知道这些“违法”代码不处理的呢,所以引出了xss过滤。
示例一:简单的标签过滤
注意:提前安装BeautifulSoup
pip install beatifulsoup4
html = '''
<p class="story">
<a href="http://example.com/lacie" class="sister" id="link2">Lacie</a> and
<div name='root'>Once upon a time there w</div>
</p>
<p>
<div>Once upon a time there w</div>
</p>
<script>alert(123)</script>
'''
html
清空<script>标签、a标签的class属性:
from bs4 import BeautifulSoup
soup = BeautifulSoup(html,'html.parser') # html.parser内部解析器 会把字符串转化成有结构的文档
tag = soup.find('script') # tag <script>alert(123)</script> 找到的标签
tag.hidden = True # <script>标签消失
tag.clear() # 清空标签内容 a = soup.find('a') # 删除a标签的class属性
del a.attrs['class'] # {'href': 'http://example.com/lacie', 'id': 'link2', 'class': ['sister']} content = soup.decode() # 把对象转化为字符串
print(content)
'''
<p class="story">
<a href="http://example.com/lacie" id="link2">Lacie</a> and
<div name="root">Once upon a time there w</div>
</p>
<p>
<div>Once upon a time there w</div>
</p>
'''
后台处理
通过白名单进行操作:
from bs4 import BeautifulSoup
tags ={ # 设置白名单
'p':['class'],
'div':['id']
}
soup = BeautifulSoup(html,'html.parser') # html.parser内部解析器 会把字符串转化成有结构的文档
for tag in soup.find_all(): # tag.name 先找子子孙孙、然后再往下找
if tag.name in tags: # p a div p div script 一次循环的标签
for k in list(tag.attrs.keys()): # 不在白名单对应的属性进行删除
if k not in tags[tag.name]:
del tag.attrs[k]
else: # 不在白名单的标签删除
tag.hidden = True
tag.clear() content = soup.decode() # 把对象转化为字符串
print(content) '''
<p class="story">
and
<div>Once upon a time there w</div>
</p>
<p>
<div>Once upon a time there w</div>
</p>
'''
后台处理
博客XSS过滤
XSSFilter文件:
from bs4 import BeautifulSoup class XSSFilter(object):
__instance = None def __init__(self):
# XSS白名单
self.valid_tags = {
"font": ['color', 'size', 'face', 'style'],
'b': [],
'div': [],
"span": [],
"table": [
'border', 'cellspacing', 'cellpadding'
],
'th': [
'colspan', 'rowspan'
],
'td': [
'colspan', 'rowspan'
],
"a": ['href', 'target', 'name'],
"img": ['src', 'alt', 'title'],
'p': [
'align'
],
"pre": ['class'],
"hr": ['class'],
'strong': []
} def __new__(cls, *args, **kwargs):
"""
单例模式
:param cls:
:param args:
:param kwargs:
:return:
"""
if not cls.__instance:
obj = object.__new__(cls, *args, **kwargs)
cls.__instance = obj
return cls.__instance def process(self, content):
soup = BeautifulSoup(content, 'html.parser')
# 遍历所有HTML标签
for tag in soup.find_all(recursive=True):
# 判断标签名是否在白名单中
if tag.name not in self.valid_tags:
tag.hidden = True
if tag.name not in ['html', 'body']:
tag.hidden = True
tag.clear()
continue
# 当前标签的所有属性白名单
attr_rules = self.valid_tags[tag.name]
keys = list(tag.attrs.keys())
for key in keys:
if key not in attr_rules:
del tag[key] return soup.decode()
content = form.cleaned_data.pop('content') # 移出 content需要在表ArticleDetail上手动添加、关联Article
content = XSSFilter().process(content) # 对content进行数据过滤 过滤到script等标签
调用方式
上面代码用到了面向对象的单例模式-》》http://www.cnblogs.com/lianzhilei/p/5838821.html
python(Django之组合搜索、JSONP、XSS过滤 )的更多相关文章
- Django之组合搜索组件(二)--另附simple_tag的创建使用方法
这次的代码为Django之组合搜索组件(一)的改版,实现的结果和(一)相同,不同的是,这次运用simple_tag方式,使.html程序简化 所以现在就开始编程吧! 首先想使用simple_tag方法 ...
- Django实现组合搜索
一.实现方法 1.纯模板语言实现 2.自定义simpletag实现(本质是简化了纯模板语言的判断) 二.基本原理 原理都是通过django路由系统,匹配url筛选条件,将筛选条件作为数据库查询结果,返 ...
- Django之组合搜索组件(一)
什么是组合搜索呢? 比如你想买车,但手里只有10万块!所以你只能在10万块的车里挑选,但你喜欢黑色,因为觉得很高端大气上档次,说白了就是装逼杠杠的!之后售车姐给你拿了个表表,你看到了低于10万块且颜色 ...
- Django实现组合搜索的方法示例
目录 一.实现方法 二.基本原理 三.代码样例 方法1:纯模板语言实现 方法二:使用simpletag实现 四.其他变化 1.model定义 2.处理函数变化 3.simpletag相应改变 一. ...
- Django中组合搜索功能
需求分析 很多电商网站中有组合搜索的功能,所谓组合搜索就是网页中组合多个条件,对数据库中进行查询,并且将结果显示在页面中,看个例子吧: 注意红框中的标识,我们可以根据URL来做组合搜索. video- ...
- Django学习---组合搜索组件
组合搜索组件 我们都会写博客,写文章之后我们要给文章设置目录,设置类型.之后我们在浏览文章的时候就能够按类别进行精确定位到文章,那这个组合搜索我们应该怎么做呢? 首先我们先创建3张表,分别存放文章,文 ...
- Django 之组合搜索
现在很多网站都会有这样的组合搜索功能,其实质是几个模型之间组合对数据库进行查询,并将结果显示到页面上. 每一行都是一个模型,模型之间有着连表关系(一对多.多对多等) 模型设计 总共四个模型:分别为方向 ...
- Django实现瀑布流,组合搜索
Django中组合搜索功能 需求分析 很多电商网站中有组合搜索的功能,所谓组合搜索就是网页中组合多个条件,对数据库中进行查询,并且将结果显示在页面中,看个例子吧: 注意红框中的标识,我们可以根据URL ...
- django实现瀑布流、组合搜索、阶梯评论、验证码
django实现图片瀑布流布局 我们在一些图片网站上经常会看到,满屏都是图片,而且图片都大小不一,却可以按空间排列.默认一个div是占用一行,当想把div里的图片并排显示的时候,只能使用float属性 ...
随机推荐
- hive 压缩 差不多出来数据 各种压缩 数据格式
待学习 DeprecatedLzoTextInputFormat
- echarts 中国地图实现 省、市、区县三级联动,省级下钻、市级下钻
每天学习一点点 编程PDF电子书.视频教程免费下载:http://www.shitanlife.com/code 效果如下图: 每天学习一点点 编程PDF电子书.视频教程免费下载:http://www ...
- lelnet爱一直在
[root@elk3 ~]# telnet 192.168.122.135 22 Trying 192.168.122.135... 这意味着telnet 没有收到任何回应来建立连接.有两个可能的原因 ...
- postman简介及基本用法
从分层测试角度来说,接口测试是相对来说性价比最高的,且作为功能测试进阶的必备技能,接口测试值得大家都去学习掌握. 工欲善其事,必先利其器,好的工具能更好的帮助工程师更高效率的完成工作. 常见的接口测试 ...
- 理解MySql的锁&事务隔离级别
这几篇文章是从网上(http://www.hollischuang.com)看到的一系列文章,也是重温了一下数据库的相关知识.下面是对这些文章的一些前后行文逻辑的说明: 我们知道,在DBMS的多个事业 ...
- mskitten
简介 一个普普通通的Java程序员,在某制造业外企工作. 技术栈 主要是Core Java,准备向Java Web挺进. 非计算机专业学生,在努力提升计算机基本素养(操作系统.算法).有好书好资源欢迎 ...
- 面试 10:玩转 Java 选择和插入排序,附冒泡最终源码
昨天给大家讲解了 Java 玩转冒泡排序,大家一定觉得并没有什么难度吧,不知道大佬们玩转了吗?不知道大家有没有多加思考,实际上在我们最后的一种思路上,还可以再继续改进. 我们先看看昨天最终版本的代码. ...
- Omi 拥抱 60FPS 的 Web 动画
写在前面 Omi 框架 正式发布了 → omi-transform. Made css3 transform super easy. Made 60 FPS easy. 作为 Omi 组件化开发特效运 ...
- WinForm 之 窗口最小化到托盘及右键图标显示菜单
Form最小化是指整个Form都缩小到任务栏上,但是窗体以Form的标题栏形式显示在任务栏上, 若是想让Form以Icon的形式显示在任务栏右下角,则需要给Form添加一个NotifyIcon控件. ...
- C\S 架构 DNS服务器 交换机 路由器
------------------------只有不快的斧,没有劈不开的柴;只有想不到的人,没有做不到的事.想干总会有办法,不想干总会有理由!# -------------------------- ...