evoque

Coming in at 992 SLOC. And 147 of those SLOC are consumed by the generic decodeh module for guessing a string's encoding. On the other hand this number does not include the code for the unit tests or the benchmarks.

All internal processing is done on unicode string instances. There is no output encoding -- output is always in unicode. Applications may encode liberally.

Evoque includes an advanced encoding guessing algorithm for decoding all template input/source files or strings that may be in any encoding: as a hint to help Evoque make the correct guess, an input_encoding may be specified on each Template, or set as the default for a Collection, or as the Domain-wide default (that by default is "utf_8").

Templates are organized in collections in a domain, and applications may define more than one domain. All templates within the same domain are addressable and invokable by each other, and share the same evaluation globals. On the other hand, templates in different domains are completely isolated from each other and are evaluated in distinct contexts.

Conditionals, loops, nested templates, evoque'ations, comments may all be liberally intermixed and nested.

Thanks to the qpy.xml quoted-no-more class from the Qpy Templating package, providing automatic cross-site scripting protection by guaranteeing that all input is always quoted and quoted only once.

To benefit from this feature Qpy needs to be installed -- running without Qpy only means that you must take care to do your input quoting manually (that is actually just what some other text templating systems expect you to do). If you do not wish to have any XSS vulnerabilities, then this is one killer feature you want!

The unique and powerful automatic-input-quoting-once-and-only-once feature for html/xml formats may be extended to any other source format e.g. URL, SQL, LaTeX, etc, by defining a custom quoted-no-more class for that target format i.e. the equivalent of the qpy.xml class for html/xml strings, and then specifying it as either the (default) quoting value on the Domain or on any Collection, or just on individual Templates as needed.

No python statements, nothing is ever exec'ed, thus the template evaluation context is more easily secured. Expressions may on the other hand be any valid python expression that will be evaluated within the passed (optionally restricted) evaluation context.

Evaluation is within a managed, and optionally restricted, namespace; templates may be safely exposed to untrusted clients.

Applications may extend evaluation namespace with any python callable or, naturally, with Qpy Templates.

Expressions have the form ${expr !format} where the "!format" is optional, and defaults to "!s", i.e. default string rendering. The possible values for format are whatever is allowed by python's string formating operations.

Good template evaluation error handling making template development and debugging easy, while still allowing for secure deployment.

Templates, once compiled and loaded, are cached in memory. Two settings are available: cache_size:int=0 sets the maximum number of loaded templates in a collection (value of 0 meaning no limit) and auto_reload:int=60 sets the minimum number of seconds to wait between checks i.e. between each file-system stat on the template file (value of 0 means to do the file system check on each request for the template). Cache settings may be set per collection.

See how easy it is to dynamically select the base template of a template hierarchy chain at runtime, based on a user's preferences.

Template source files as well as generated output may be in any text format. Any text source file, or pieces thereof, may be used as template -- makes it easy to assemble and evoque bits and pieces of content from any kind of source, and have it either rendered raw or evaluated.

Easily introspectable templates, of their signatures and evaluation namespace.

A few powerful options to enable you to effectively format the template source for optimized readability, independently of targeted output whitespace. There is also support for a slurpy mode -- that will automatically retain and/or strip whitespace as you just need for most cases.

Evoque supports single-line, multi-line, and even nested comments -- convenient for commenting out entire blocks of template source during development -- all in one single simple syntax.

In addition, python expressions may of course also be commented using standard python comments.

A trivially memorable syntax, only a handful of directives, easy management of different template collections, and few but consistently applied principles.

The simplicity of the implementation, and the awesome python builtins and standard library, translate into what may well be the fastest pure python templating system around.