The Science of Zope & Plone Form Libraries

March 6th, 2010

Now then, if you’ve ever used one of the magical form libraries in Plone you’ll no doubt have spent a fair while trying to work out how to use the damn thing, spent a good while looking for the elusive documentation, found some out of date article written by a German guy, used his example whilst not having the faintest idea why or how it works, and then spent a fair amount of time fighting against the form library because you needed your form to do something that the form library just didn’t want to do.

During that time it may have occurred to you that it would be quicker to just write the damn thing by hand.  Let’s look at our graph below to find out.

Why I Hate Templating Languages

March 6th, 2010

Most web frameworks that are not built in PHP have some kind of templating language.  Some frameworks that ARE built in PHP still have a separate templating language.  Let’s remind ourselves why they use a templating language:

  1. It provides some kind of auto-escaping of strings to guard against HTML entity issues, and the related security holes that would be opened up if people could post <script>document.location='http://evil-bad-site.com/';</script> into your blog comments.  You don’t have to remember to escape everything, it just does it for you.
  2. They allow you to employ a ‘markup monkey’ to do your HTML coding, without any danger of them accidentally dropping your database or messing things up by doing a code woopsie.  Code in the templates can’t alter data.  Not unless a developer has given the template a hook through which to do so.
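
Both points in miniature, as an added example rather than code from the original post or from any real templating library: a toy renderer (the names render, Markup, TEMPLATE and COMMENT are made up here) that escapes every substituted value by default, lets the developer opt out explicitly, and gives the template nothing but lookups into the context it was handed.

```python
import html
import re


class Markup(str):
    """String the developer has explicitly marked as safe, pre-built HTML."""


_PLACEHOLDER = re.compile(r"\$\{(\w+)\}")


def render(template, context):
    """Fill ${name} placeholders from context, escaping values by default.

    Point 1: every value goes through html.escape unless wrapped in Markup.
    Point 2: a placeholder is only a dictionary lookup, so the template
    cannot run code or touch anything the developer did not pass in.
    """
    def substitute(match):
        value = context[match.group(1)]  # unknown name -> KeyError
        if isinstance(value, Markup):
            return str(value)
        return html.escape(str(value), quote=True)

    return _PLACEHOLDER.sub(substitute, template)


# Constructed sample input: the blog comment quoted in point 1.
COMMENT = "<script>document.location='http://evil-bad-site.com/';</script>"
TEMPLATE = '<div class="comment" title="${author}">${body}</div>'


def demo():
    """Return (hand-concatenated, auto-escaped, explicitly trusted) output."""
    by_hand = TEMPLATE.replace("${author}", "Bob").replace("${body}", COMMENT)
    escaped = render(TEMPLATE, {"author": 'Bob "Bobby" Smith', "body": COMMENT})
    trusted = render(TEMPLATE, {"author": "Bob", "body": Markup("<em>hi</em>")})
    return by_hand, escaped, trusted


if __name__ == "__main__":
    for line in demo():
        print(line)
```
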

Old Posts

March 6th, 2010

During my days at Team Rubber I wrote some blog posts, mostly about Python/Zope/Plone things.

They live here:
http://www.teamrubber.com/blog/author/AdamA/