Django: prohibit template use by template

Question

Django: prohibit template use by template

I have a Django application that looks something like this:

class Server(models.Model):
    hostname = models.CharField(max_length=100)
    # this field stores encrypted credentials
    admin_credentials = models.TextField()

    def get_admin_credentials(self):
        return decrypt(self.admin_credentials)

Since the Django template language allows templates to call methods (which do not require arguments) from their context variables, it seems too easy for a template to skip these credentials simply by specifying the following code:

{{ server.get_admin_credentials }}

How can I prevent templates from using the method directly get_admin_credentials()?

+3

django

Scott Duckworth Feb 11 '14 at 19:23

source share

1 answer

Mark Lavin · Accepted Answer · 2014-02-11T19:32:59+0000

This is noted in the template API docs: https://docs.djangoproject.com/en/stable/ref/templates/api/#variables-and-lookups

, , , . do_not_call_in_templates True. , (, , ).

, do_not_call_in_templates:

def get_admin_credentials(self):
    return decrypt(self.admin_credentials)
get_admin_credentials.do_not_call_in_templates = True

Django: prohibit template use by template

More articles: