Various utility functions shipped with Werkzeug.
class werkzeug.utils.HTMLBuilder(dialect)
Helper object for HTML generation.
Per default there are two instances of that class. The html
one, and the xhtml
one for those two dialects. The class uses keyword parameters and positional parameters to generate small snippets of HTML.
Keyword parameters are converted to XML/SGML attributes, positional arguments are used as children. Because Python accepts positional arguments before keyword arguments it’s a good idea to use a list with the star-syntax for some children:
>>> html.p(class_='foo', *[html.a('foo', href='foo.html'), ' ', ... html.a('bar', href='bar.html')]) u'<p class="foo"><a href="foo.html">foo</a> <a href="bar.html">bar</a></p>'
This class works around some browser limitations and can not be used for arbitrary SGML/XML generation. For that purpose lxml and similar libraries exist.
Calling the builder escapes the string passed:
>>> html.p(html("<foo>")) u'<p><foo></p>'
werkzeug.utils.escape(s)
Replace special characters “&”, “<”, “>” and (“) to HTML-safe sequences.
There is a special handling for None
which escapes to an empty string.
Changed in version 0.9: quote
is now implicitly on.
Parameters: |
|
---|
werkzeug.utils.unescape(s)
The reverse function of escape
. This unescapes all the HTML entities, not only the XML entities inserted by escape
.
Parameters: | s – the string to unescape. |
---|
class werkzeug.utils.cached_property(func, name=None, doc=None)
A decorator that converts a function into a lazy property. The function wrapped is called the first time to retrieve the result and then that calculated result is used the next time you access the value:
class Foo(object): @cached_property def foo(self): # calculate something important here return 42
The class has to have a __dict__
in order for this property to work.
werkzeug.utils.invalidate_cached_property(obj, name)
Invalidates the cache for a cached_property
:
>>> class Test(object): ... @cached_property ... def magic_number(self): ... print("recalculating...") ... return 42 ... >>> var = Test() >>> var.magic_number recalculating... 42 >>> var.magic_number 42 >>> invalidate_cached_property(var, "magic_number") >>> var.magic_number recalculating... 42
You must pass the name of the cached property as the second argument.
class werkzeug.utils.environ_property(name, default=None, load_func=None, dump_func=None, read_only=None, doc=None)
Maps request attributes to environment variables. This works not only for the Werzeug request object, but also any other class with an environ attribute:
>>> class Test(object): ... environ = {'key': 'value'} ... test = environ_property('key') >>> var = Test() >>> var.test 'value'
If you pass it a second value it’s used as default if the key does not exist, the third one can be a converter that takes a value and converts it. If it raises ValueError
or TypeError
the default value is used. If no default value is provided None
is used.
Per default the property is read only. You have to explicitly enable it by passing read_only=False
to the constructor.
class werkzeug.utils.header_property(name, default=None, load_func=None, dump_func=None, read_only=None, doc=None)
Like environ_property
but for headers.
werkzeug.utils.redirect(location, code=302, Response=None)
Returns a response object (a WSGI application) that, if called, redirects the client to the target location. Supported codes are 301, 302, 303, 305, 307, and 308. 300 is not supported because it’s not a real redirect and 304 because it’s the answer for a request with a request with defined If-Modified-Since headers.
New in version 0.10: The class used for the Response object can now be passed in.
New in version 0.6: The location can now be a unicode string that is encoded using the iri_to_uri()
function.
Parameters: |
|
---|
werkzeug.utils.append_slash_redirect(environ, code=301)
Redirects to the same URL but with a slash appended. The behavior of this function is undefined if the path ends with a slash already.
Parameters: |
|
---|
werkzeug.utils.import_string(import_name, silent=False)
Imports an object based on a string. This is useful if you want to use import paths as endpoints or something similar. An import path can be specified either in dotted notation (xml.sax.saxutils.escape
) or with a colon as object delimiter (xml.sax.saxutils:escape
).
If silent
is True the return value will be None
if the import fails.
Parameters: |
|
---|---|
Returns: |
imported object |
werkzeug.utils.find_modules(import_path, include_packages=False, recursive=False)
Finds all the modules below a package. This can be useful to automatically import all views / controllers so that their metaclasses / function decorators have a chance to register themselves on the application.
Packages are not returned unless include_packages
is True
. This can also recursively list modules but in that case it will import all the packages to get the correct load path of that module.
Parameters: |
|
---|---|
Returns: |
generator |
werkzeug.utils.validate_arguments(func, args, kwargs, drop_extra=True)
Checks if the function accepts the arguments and keyword arguments. Returns a new (args, kwargs)
tuple that can safely be passed to the function without causing a TypeError
because the function signature is incompatible. If drop_extra
is set to True
(which is the default) any extra positional or keyword arguments are dropped automatically.
The exception raised provides three attributes:
missing
extra
extra_positional
This can be useful for decorators that forward user submitted data to a view function:
from werkzeug.utils import ArgumentValidationError, validate_arguments def sanitize(f): def proxy(request): data = request.values.to_dict() try: args, kwargs = validate_arguments(f, (request,), data) except ArgumentValidationError: raise BadRequest('The browser failed to transmit all ' 'the data expected.') return f(*args, **kwargs) return proxy
Parameters: |
|
---|---|
Returns: |
tuple in the form |
werkzeug.utils.secure_filename(filename)
Pass it a filename and it will return a secure version of it. This filename can then safely be stored on a regular file system and passed to os.path.join()
. The filename returned is an ASCII only string for maximum portability.
On windows systems the function also makes sure that the file is not named after one of the special device files.
>>> secure_filename("My cool movie.mov") 'My_cool_movie.mov' >>> secure_filename("../../../etc/passwd") 'etc_passwd' >>> secure_filename(u'i contain cool \xfcml\xe4uts.txt') 'i_contain_cool_umlauts.txt'
The function might return an empty filename. It’s your responsibility to ensure that the filename is unique and that you abort or generate a random filename if the function returned an empty one.
New in version 0.5.
Parameters: | filename – the filename to secure |
---|
werkzeug.utils.bind_arguments(func, args, kwargs)
Bind the arguments provided into a dict. When passed a function, a tuple of arguments and a dict of keyword arguments bind_arguments
returns a dict of names as the function would see it. This can be useful to implement a cache decorator that uses the function arguments to build the cache key based on the values of the arguments.
Parameters: |
|
---|---|
Returns: |
a |
Please refer to URL Helpers.
class werkzeug.useragents.UserAgent(environ_or_string)
Represents a user agent. Pass it a WSGI environment or a user agent string and you can inspect some of the details from the user agent string via the attributes. The following attributes exist:
string
the raw user agent string
platform
the browser platform. None
if not recognized. The following platforms are currently recognized:
aix
amiga
android
blackberry
bsd
chromeos
dragonflybsd
freebsd
hpux
ipad
iphone
irix
linux
macos
netbsd
openbsd
sco
solaris
symbian
wii
windows
browser
the name of the browser. None
if not recognized. The following browsers are currently recognized:
aol
*ask
*baidu
*bing
*camino
chrome
edge
firefox
galeon
google
*kmeleon
konqueror
links
lynx
mozilla
msie
msn
netscape
opera
safari
seamonkey
webkit
yahoo
*(Browsers marked with a star (*
) are crawlers.)
version
the version of the browser. None
if not recognized.
language
the language of the browser. None
if not recognized.
New in version 0.6.1.
werkzeug.security.generate_password_hash(password, method='pbkdf2:sha256', salt_length=8)
Hash a password with the given method and salt with a string of the given length. The format of the string returned includes the method that was used so that check_password_hash()
can check the hash.
The format for the hashed string looks like this:
method$salt$hash
This method can not generate unsalted passwords but it is possible to set param method=’plain’ in order to enforce plaintext passwords. If a salt is used, hmac is used internally to salt the password.
If PBKDF2 is wanted it can be enabled by setting the method to pbkdf2:method:iterations
where iterations is optional:
pbkdf2:sha256:80000$salt$hash pbkdf2:sha256$salt$hash
Parameters: |
|
---|
werkzeug.security.check_password_hash(pwhash, password)
check a password against a given salted and hashed password value. In order to support unsalted legacy passwords this method supports plain text passwords, md5 and sha1 hashes (both salted and unsalted).
Returns True
if the password matched, False
otherwise.
Parameters: |
|
---|
werkzeug.security.safe_str_cmp(a, b)
This function compares strings in somewhat constant time. This requires that the length of at least one string is known in advance.
Returns True
if the two strings are equal, or False
if they are not.
New in version 0.7.
werkzeug.security.safe_join(directory, *pathnames)
Safely join zero or more untrusted path components to a base directory to avoid escaping the base directory.
Parameters: |
|
---|---|
Returns: |
A safe path, otherwise |
werkzeug.security.pbkdf2_hex(data, salt, iterations=150000, keylen=None, hashfunc=None)
Like pbkdf2_bin()
, but returns a hex-encoded string.
New in version 0.9.
Parameters: |
|
---|
werkzeug.security.pbkdf2_bin(data, salt, iterations=150000, keylen=None, hashfunc=None)
Returns a binary digest for the PBKDF2 hash algorithm of data
with the given salt
. It iterates iterations
times and produces a key of keylen
bytes. By default, SHA-256 is used as hash function; a different hashlib hashfunc
can be provided.
New in version 0.9.
Parameters: |
|
---|
Werkzeug uses standard Python logging
. The logger is named "werkzeug"
.
import logging logger = logging.getLogger("werkzeug")
If the logger level is not set, it will be set to INFO
on first use. If there is no handler for that level, a StreamHandler
is added.
© 2007–2020 Pallets
Licensed under the BSD 3-clause License.
https://werkzeug.palletsprojects.com/en/1.0.x/utils/