Evoque is generic, meaning it can be made to output
text in any format and run in any context
(stand-alone or integrated within an application framework)
with state-of-the-art features such as:
unicode, dynamic overlays, template caching,
format-extensible automatic quoting,
in-process sandbox —
while still remaining small, simple and extremely fast.
| Small footprint |
Coming in at 992 SLOC.
And 147 of those SLOC are consumed by the generic
decodeh module
for guessing a string’s encoding.
On the other hand this number does not include the code
for the unit tests or the benchmarks.
|
| Unicode |
All internal processing is done on unicode string instances.
There is no output encoding — output is always in unicode.
Applications may encode liberally.
Evoque includes an
advanced encoding guessing algorithm
for decoding
all template input/source files or strings
that may be in any encoding:
as a hint to help Evoque make the
correct guess, an input_encoding
may be specified on each Template, or set as
the default for a Collection, or
as the Domain-wide default (that by default is “utf_8”).
|
| Template addressing / collections in a domain |
Templates are organized in collections in a domain,
and applications may define more than one domain.
All templates within the same domain are addressable and invokable
by each other, and share the same evaluation globals.
On the other hand, templates in different domains are
completely isolated from each other
and are evaluated in distinct contexts.
|
| Mixing/nesting directives |
Conditionals, loops, nested templates,
evoque’ations, comments
may all be liberally intermixed and nested.
|
| Automatic X/HTML input quoting / XSS protection |
Thanks to
the qpy.xml quoted-no-more class from the
Qpy Templating
package, providing automatic
cross-site scripting
protection by guaranteeing that all input is
always quoted and quoted only once.
To benefit from this feature Qpy needs to be installed —
running without Qpy only means that you must take care to do
your input quoting manually
(that is actually just what some other text templating
systems expect you to do).
If you do not wish to have any XSS vulnerabilities,
then this is one killer feature you want!
|
| Quoted-No-More / Extensible automatic quoting |
The unique and powerful automatic-input-quoting-once-and-only-once
feature for html/xml formats may be extended to any other source format
e.g. URL, SQL, LaTeX, etc, by
defining a custom quoted-no-more class
for that target format i.e. the equivalent of the qpy.xml
class for html/xml strings, and then specifying it as either the
(default) quoting value on the Domain or on any Collection,
or just on individual Templates as needed.
|
| Expressions only |
No python statements, nothing is ever exec’ed,
thus the template evaluation context is more easily secured.
Expressions may on the other hand be any valid python expression
that will be evaluated within the passed (optionally restricted)
evaluation context.
|
| Restricted execution |
Evaluation is within a managed, and
optionally restricted, namespace;
templates may be safely exposed to untrusted clients.
|
| Managed evaluation namespace |
Applications may
extend evaluation namespace
with any python callable or, naturally, with
Qpy Templates.
|
| All python % operator formatting |
Expressions have the form ${expr !format} where the “!format”
is optional, and defaults to “!s”, i.e. default string rendering.
The possible values for format are whatever is allowed by
python’s
string formating operations.
|
| Good error handling |
Good
template evaluation error handling
making template development and debugging easy,
while still allowing for secure deployment.
|
| Template caching |
Templates, once compiled and loaded, are cached in memory.
Two settings are available:
cache_size:int=0 sets the maximum number of loaded
templates in a collection (value of 0 meaning no limit) and
auto_reload:int=60
sets the minimum number of seconds to wait between checks
i.e. between each file-system stat on the template file
(value of 0 means to do the file system check on each request for the template).
Cache settings may be set per collection.
|
| Data-driven template inheritance |
See how easy it is to dynamically select
the base template
of a template hierarchy chain at runtime,
based on a user’s preferences.
|
| Open-ended source or target file formats |
Template source files as well as generated output may be in any text format.
Any text source file, or pieces thereof, may be used as template —
makes it easy to assemble and evoque bits and pieces of content from
any kind of source, and have it either rendered raw or evaluated.
|
| Introspectable templates |
Easily introspectable templates, of their signatures and evaluation
namespace.
|
| Whitespace control |
A few powerful options to enable you to effectively format the template
source for optimized readability, independently of targeted output
whitespace.
There is also support for a slurpy mode — that will
automatically retain and/or strip whitespace as you just need
for most cases.
|
| Comments |
Evoque supports single-line, multi-line, and even nested comments —
convenient for commenting out entire blocks of template source during development —
all in one single simple syntax.
In addition, python expressions may of course
also be commented using standard python comments.
|
| Simplicity |
A trivially memorable syntax,
only a handful of directives,
easy management of different template collections,
and few but consistently applied principles.
|
| Speed |
The simplicity of the implementation, and the awesome python builtins and
standard library, translate into what may well be the fastest
pure python templating system around.
|