I used flask to make a web portal for the users to register but when I run the html file using a local host, the display looks like below:
This html file is not actually an html file but rather a Jinja template. Thus, you need it to be served via your flask app render_template function. So it makes not sense to open this page via browser as html.
Related
What file can be uploaded on a webapp built on django framework if it's allowing unrestricted file upload? When I uploaded a shell.py it simply rendered as text in the browser but html and javascript are executing fine.
if you can execute that file when django render, maybe you can try first a os.system("whoami") and then you can change that for a cmd and pass commands calling that file on your browser/burp/curl. if accept any file, it's really easy
I have a Flask app integrating a Dash application.
My Flask application use Flask-Login to handle login, which is working well.
However I have a bug in my Dash application that only happens in production: my dash application shows files (images) located in a data folder. It needs serving file at URL such as http://127.0.0.1:5000/data/person1/person1_image.jpg or whatever the root URL is.
So what I did is I created a route for this such as:
#bp.route("/data/<path:filename>")
#login_required
def data_folder(filename):
"""Serve files located in person subfolder inside folder"""
return send_from_directory(current_app.config["DATA_FOLDER"], filename)
Which works "well" in local developpement. The first time I open the page the image don't show, but when I refresh it does.
But in production, no matter how many time I refresh the page the image doesn't show.
When I check the network tab of Firefox I get this:
302 https://my_domain.com/data/person1/person1_image.jpg
200 https://my_domain.com/login?next=/data/person1/person1_image.jpg
So it appears that when trying to fetch the ressource, it redirect me to the login page, while I'm already logged in ! (As the initial page is also login-protected and I am acessing it.)
Could this be a cookie thing ? In my config.py I have this:
SESSION_COOKIE_SAMESITE = "Lax"
SESSION_COOKIE_SECURE = "True"
Thanks for your help !
i just would like to run a python script by clicking on a html button.
python script is reallly simple. when you run it, it just add a "name" and "age" data in my database.
import sqlite3
conn = sqlite3.connect('bdaremplir.sqlite')
cur = conn.cursor()
"""cur.execute('DROP TABLE IF EXISTS latable')
cur.execute('CREATE TABLE latable (noms TEXT, age INTEGER)')"""
nom = 'TheName'
age = 100
cur.execute('''INSERT OR IGNORE INTO latable (noms, age) VALUES ( ?, ? )''', (nom, age))
conn.commit()
and the basics of html
<!DOCTYPE html>
<html>
<head>
<title>visualisateur</title>
</head>
<body>
<button></button>
</body>
</html>
now from here i don't at all what i can do.
if anyone can help... thank you.
Web browsers only know how to run JavaScript, not Python, so unless you really want to run Python in the browser1, you have to learn about the client-server architecture of the web.
Basically, you have to
make your Python program available as a web server, and
send a request to that server when your HTML button is clicked.
Running a web server
There are many ways to implement a web server in Python. When you get to writing a proper application, you'll probably want to use a library like Flask, Django, or others. But to get started quickly, you can use the built-in Python HTTP server with CGI:
Create a Python script named handle_request.py with the following content:
#!/usr/bin/env python3
print("Content-Type: text/plain\n")
print("hello world")
and put it into the cgi-bin directory next to your HTML file and make sure you can run it by typing "handle_request.py" into the console;
2. Run the built-in HTTP server:
python3 -m http.server --bind localhost --cgi 8000
Open http://localhost:8000 in your browser to access the server.
You should see the listing of the directory, including your HTML file and the cgi-bin directory. Clicking the HTML file should display it in the browser (with a URL like http://localhost:8000/test.html), and opening http://localhost:8000/cgi-bin/handle_request.py will run the script we've created and display its response as a web page. You can add your code to the script, and it will run whenever the browser accesses its URL.
Making a request from your web page
Now the question is how to make the browser access the http://localhost:8000/cgi-bin/handle_request.py URL when a button on your page is clicked.
To do that you need to invoke the API for making requests from JavaScript. There are different ways to do that (e.g. XMLHttpRequest or jQuery.ajax()), but a simple way that works in the modern web browsers is fetch():
<button id="mybutton"></button>
<script>
document.getElementById("mybutton").onclick = async function() {
let response = await fetch("http://localhost:8000/cgi-bin/handle_request.py");
let text = await response.text();
alert(text);
}
</script>
Now when you click the button, the browser will make a request to the specified URL (thus running your script), but instead of displaying the results as a web page in a tab, it will be made available to your JavaScript.
notes
1 ...which you probably don't at this point, but if you do, see the pointers by Michael Bianconi.
My HTML form has
action="https://us-central1-PROJECT_ID.cloudfunctions.net/FUNCTION_ID"
with
method="post" target="_blank"
The link sends an email address string to a Google Cloud Function in the Python 3.7 Beta Runtime.
The function performs correctly and interacts with a third party API.
After the function runs it loads a blank page with
OK
as the only content. From here I'd like to redirect back to my website but I can't quit figure out how to do this.
Ive tried
Placing a urllib.request at the end of my Python function
Performing an XMLHttpRequest
Changing
target="_blank"
to
target="_self"
What is the correct way to do this?
Google Cloud Functions uses Flask under the hood to serve your endpoint, so you can just return a redirect at the end:
from flask import redirect
def test(request):
return redirect('https://google.com')
I'm developing an web app using Flask in Heroku. My web will have k news pages. Information for each page is stored in database. When user make a request in web browser, the returned page can be generated using render_templates() in Flask.
The problem is when all users request same page, render_templates() will be called multiple times for the same page => kind of wasting resources to do the same thing
I curious whether I should use render_templates() or I should generate k static pages and use there static file instead?
You can use Flask-Cache package.
Support built-in cache backends like dictionary, file system, memcached, redis, and also custom cache backends.
Example:
#cache.cached(timeout=50)
def index():
return render_template('index.html')
.
#cache.memoize(timeout=50)
def big_foo(a, b):
return a + b + random.randrange(0, 1000)
.
#cache.cached(timeout=50)
def big_foo():
return big_bar_calc()
Also another option [beside that] is using front page caching, like varnish.