include parameters supported? #382
Comments
|
AFAICS all parameters are automatically passed to included templates, but it is not possible to only pass some of them: and then in content.htm |
|
Actually you can't even do that. We've hit a problem in our patternlab where the variables are not available to the included file. To be brutally honest, the macro tag should be merged into the include tag. edit: can't access objects by reference, only literals |
Can you expand on this? I can't reproduce this at all |
|
Please re-open if you have a reproducible test case. This works: foo.html output: "parameters: tournament" |
|
The functionality that seems to be missing from Nunjucks is the following: file.html The output should be: If you want certain values of the context to be accessible inside the included file, and other values to be excluded from its scope, you need to have something akin to Twig and Swig's with...only syntax. A use case for this feature might be where the included template is user-supplied and you want to make sure that it is not able to access context beyond a specific whitelist. This functionality is also available in Twig and Django (albeit with a slightly different syntax in the case of Django). Jinja provides the {% include "file.html" without context %} syntax, but doesn't allow arguments to be passed in in that case. |
|
@legutierr IMO in Jinja/nunjucks those use cases are intended to be handled with macros instead of includes. |
|
@carljm I agree that What it mostly comes down to is that If a user defines a macro, they would have to give it the name that you intend to import. And because the order and number of a macro's parameters matters, a user must be careful to list all of the parameters in the right order. For a typical "mail merge" type application, these requirements are the difference between asking the user to create the following template on one hand... ...and the following template on the other... My users would have a real problem getting this right. Could it be possible to make it easier for the user by calling ...wrapping This approach is also much more verbose. Now, one possible alternative might be to implement a sort of "include.html" macro file as a sort of intermediary... ...which, in turn, would be imported... ...but this approach is even more verbose and convoluted. In this case, I understand that Nunjucks typically tracks closest to Jinja, rather than Django and Twig, but I think that the fact that both Django and Twig implement this feature shows that it is useful to people. Sure, Django doesn't have the |
|
@legutierr If I were implementing the "sandbox" or mail-merge type functionality you're discussing, I would render the user template directly from code (thereby allowing me to fully control the context and prevent any interaction with other templates) and then pass the rendered user content as part of the context to my application templates as needed. That said, I'm not strongly opposed to adding this feature. I'm just personally only interested in nunjucks' Jinja-compatibility, so I won't spend time reviewing or merging non-Jinja features. But if another core dev wants to add it, I won't stand in the way. |
|
(It's also important to note if we're using the word "sandbox" that it is not safe to allow untrusted users to write nunjucks templates for your application. You have to at least trust the users not to be actively malicious. Nunjucks is not designed to support true secure sandboxing; a template author can almost certainly find a way to DoS your system if motivated enough.) |
|
@carljm You're right, I think I might have been a little loose in my use of the term "sandbox". Yes, for the typical mail-merge-type functionality, separately rendering would probably make sense. What I myself am doing is a little different than that. My typical users would better be described as designers working under contract, so "less trusted" rather than "untrusted". And I agree that it would be relatively trivial for an actively malicious user to DoS nunjucks, which is why if I ever intend to give template authorship rights to end-users I would use a library like tripwire for node.js or interruptingcow for python in the case of jinja, in addition to taking other preventative steps. (I believe, however, that a privilege escalation-type attack should not be possible from inside nunjucks or jinja; I'd be curious as to your thoughts on that.) Now, regarding your personal interest in focusing only on Nunjucks and Jinja compatibility...there are a few areas where Nunjucks' is currently incompatible:
If I produced pull requests that incorporated this functionality into Nunjucks, would you be able & willing to work with me to review them and get them merged? |
|
Are you sure about Regarding the other two, sure, I'd be happy to take a look at a PR. |
|
@carljm I did a code search for https://github.com/mozilla/nunjucks/search?p=1&q=without+context&type=Code Looking through the implementation itself, I also don't see where Nunjucks would be handling I'll ping you back when I have the pull requests together. |
|
Ah yes, I was remembering seeing the pull request for adding support to Sounds good. FYI I'm leaving for a ten-day vacation tomorrow so if you're quick with the PRs I won't be as quick with the reviews :-) |
|
I believe a PR was already opened for this a while ago. It would need some adaptation to work with the latest code base, but might provide a good starting point: #277 I am in favour of this feature for a different reason. I think it makes rendering an array of objects cleaner and less verbose. For example, this code might be used when rendering a page server-side: Then later on, when a new comment is added after the initial page render, just the comment partial can be rendered client side quite nicely: |
|
@carljm The pull requests should be ready for your review when you get back :) @asabhaney I don't actually think you need the feature being discussed here. If all you do is this: Then |
|
@legutierr That's true, it's not necessary - it's more of a convenience. Like many nunjucks users, I come from using swig.js, where being able to do this was arguably one of its nicest features. I do realize that nunjucks aims to follow jinja, and not Twig, but nunjucks has taken subtle liberties where it makes certain use cases easier for its users. Using your example, inside of
It would be nice to simply write the following in
I find that having to write |
|
@asabhaney Ah, yes, I see how that would be more convenient. Good point. |
|
This feature will be very helpful for rendering similar information from different datasources. For example we may have a template to render a list of articles: and then use this as include for following: |
|
Plus one for |
|
Hi, any progress on this? |
|
As someone who is attempting to share server-side (Twig) templates and JS rendered (Nunjucks) templates, this would be really great. (Twig includes have |
|
Any news on this? |
|
it's open here #539 |
|
Still another technique. Setting variables in a partial and then importing it before calling an include. You could set variables somewhere, say Your calling template imports them as a variable: and then calls the partial template that needs them: {# page sections pass content (c) to each partial #}
{% import "content/hero-vars.nunj" as c %}
{% include "partials/hero-image.nunj" %}And here's your partial that uses them. Notice it uses the c variable with the variables you set: <section class="section component-hero-image">
<img class="hero-img" src="{{c.hero_img}}" alt="">
<div class="overlay">
<h1 class="title text-uppercase text-center">{{ c.hero_image_title }}</h1>
</div>
</section> |
i'm considering a switch from swig to nunjucks and have been reading if all my requirements are covered. one thing though, can i use parameters with include?
like with swig i can use this;
and then in content.htm can reference it
is this possible with nujucks as the documentation doesn't mention about it? http://mozilla.github.io/nunjucks/templating.html#include
The text was updated successfully, but these errors were encountered: