Is bleach.clean() adequate protection from XSS attacks?

I have forms and url query string inputs that are returning a bleached output for CharFields.

FORMS:
def cleanemail(self):
email = self.cleaneddata‘email’
if email:
return bleach.clean(email.lower())

URL QUERY STRING:
query = request.GET.get(‘q’)
bleachedquery = bleach.clean(query).lower()

blogs = Blogs.objects.filter(poststartswith=bleachedquery)


If this enough or overkilled? What are better alternatives?

/r/django
https://redd.it/kypom5

Whats the best way to implement this idea?

I'm working on creating my first real django web app and its going good but I can't decide on how to implement the next part.

So far my app takes in a search query from the user, then scrapes a website based on that search query, saves the scraped info into a list of dictionaries, and then displays those results in a nice grid display back to the user.

Where I'm stuck at now is I want there to be either a checkbox, or a button in each result that the user can check/click and each of the items the user checked off, will be added to a new list to be sent to another scraper function to gather more in depth data on those items.

So user enters a search query, app returns basic info on matching items, user checks which of those items they want more details on, then app scrapes more detailed data but only for the items the user clicked the checkbox.

Should each checkbox be its own django form?
Or should there be a submit button at the bottom and when the user clicks it, a script can iterate through all the items and if checkbox is checked,

/r/djangolearning
https://redd.it/kyqr6s

Sunday Daily Thread: What's everyone working on this week?

Tell /r/python what you're working on this week! You can be bragging, grousing, sharing your passion, or explaining your pain. Talk about your current project or your pet project; whatever you want to share.

/r/Python
https://redd.it/kyuo40

For those interested in Audio DSP coding in Python

Hi all,
over the past year I got back into coding after 6 years in the audio industry. I worked on an audio effects python library for processing audio files and streams for the past 6 months. It actually works quite well with a few bugs remaining and I would just like to share it and maybe get some feedback. I think it is cool, because the only dependency is numpy and you can actually see whats happens with your arrays, so nearly no blackboxing takes place. I mainly used numpy and with some tricks managed to stay below 1.0 millisecond for most processors with a buffer size of 512, so you can actually use most of them in real-time with pyaudio.

Also, I released it under the MIT licence, so feel free to use it in any way you want.


There are quite a few effects I managed to implement and it is one of those resources I wish I had a year ago, just to see different fx in action in a simplified manner. It might also be useful for super easy batch-processing of audio data-sets for CNNs, prototyping vst plugins or do fun stuff with

/r/Python
https://redd.it/kyop0d

I want to create a simple video based website, i don't know how to manage the videos.

Sorry if this isn't the place to post this.

The website will just be a main page, about and a post page, i will be the only one that will upload the videos from the backend, users can only see the website and the videos.

where do i store the videos and how can i upload them?
do i use a form ?
What form can i use for this?
or in what other way can i do this?

/r/django
https://redd.it/kysbjg

Instead of being productive, I wasted my time creating a tool that helps me be productive

Title says it all. Instead of studying, I created a pomodoro GUI application that helps me battle my procrastination and it actually helped. I did this over the course of two days in Python with PyQt5

https://github.com/burakmartin/pomodoro

/r/Python
https://redd.it/kyws9p

[P] (Updated) Automatically Overlaying Baseball Pitch Motion and Trajectory in Realtime (Open Source)

/r/MachineLearning
https://redd.it/kykfh0

N GPT-3 replicate as open source

This is a grassroots group of researchers working to open source AI research https://www.eleuther.ai/

including https://www.eleuther.ai/gpt-neo

/r/MachineLearning
https://redd.it/kyzv0u

Book recommendations

I have been learning the Django for a bout one and half months, after leaning a basic python for two months(i have no experience with programming before, super noob). Now I can build just a simple to do app stuff and blogs but I still habe no idea what’s really going on behind scenes, and felt I need a book for better understanding or whatnot,

So my question is; is there a good guide book for me at the moment? I looked it up and found some ‘Django for beginners by William Vincent’ and ‘two scoops of django’ which lots of people say it’s not for beginners.

Or another way is to learn Flask first for better understanding behind surfaces,,and then back to learning Django,,

What do you guys think?
Your advice and opinion will be very appreciated!

/r/django
https://redd.it/kz4fv2

Worried that heavy use of SQL is an antipattern?

Hi,

I'm setting up a couple of routes whereby I'd like to fetch a set of results for the user based on some complex(ish) filter behaviour.

What I've been doing so far is creating queries in SQLalchemy, wrapping them up into a custom BaseQuery class to standardise some of the methods, and invoking the relevant query instance in my routes.

The queries themselves get quite complex, so I've made efforts to break them into CTEs for testing and traceability purposes, in a couple of cases I've got 3 or 4 CTEs chained together. I've also delegated the more complex queries to background tasks in celery, to stop them from clogging up the request queue.

I'm also using Azure SQL so I have the option to scale the hardware if needed.

My thinking was that offloading the filtering logic to SQL gives the query optimiser the chance to do its magic and would be better than me trying to optimise inside the application.

I am, however, worried that implementing logic in this way is a bit of an anti pattern because:

I haven't seen many examples online with a similar approach
The filtering logic is sitting within the SQL query, which I'm worried

/r/flask
https://redd.it/kz5rjk

I just created a script that relocates dowloaded files based on their extensions!

This script is very useful in case your downloading files all day long and you feel kind of lost in your download folder!

Please tell me what you think of my repo and what I could Improve.

I'm posting this to get visibility but also to get some returns so that I can improve my repo and code :)

here is the repo: https://github.com/aime-risson/pyFileManager

/r/Python
https://redd.it/kz4gqu

Model design - How to represent a field where it should have one of two types?

Hello,

I have an entity where it should have either an audio comment or a text comment, but it can't have both of them at the same time.

Now, as first thought, it can be something like this

class FeedbackFieldsMixin(models.Model):

comment_text = models.TextField(blank=True, null=True, max_length=250)
comment_audio = models.FileField(blank=True, null=True, upload_to=audio_upload)

But, this just doesn't feel right, as model can't have both at the same time there will be always a field with a value of null which is not needed and vice versa, so, what do you think about this? what is the best practise for such case?

Thanks all.

/r/django
https://redd.it/kza568

Should I use React Js with Django to build a real-time video chat app?

My project is to build a video chat app like Google Meet where multiple users can join. I am planning on using React Js for frontend and Django for backend. I understand that I have to use Django channels for handling asynchronous requests with Django and WebRTC for live video transmission with React Js. However, I haven't tried tinkering with any of those yet. So, I need some opinions on my choice of frameworks and libraries. Should I proceed with these frameworks or are there better alternatives? Explanation for preferences would be much appreciated. I also understand that I would have to build an API (using Django Rest Framework) to interact with the React Js frontend.

/r/django
https://redd.it/kyupik

Jupyter in VS Code: Pros and Cons - TowardsDatScience article
https://towardsdatascience.com/jupyter-is-taking-a-big-overhaul-in-visual-studio-code-d9dc621e5f11

/r/JupyterNotebooks
https://redd.it/kzagqf

What is the best way to build a flask app for Geographical HeatMap?

I have location data based on zip codes in the US. Each zip has a shipment cost associated with it. I would like to create an app where a user can select a zip code and can see the data within 200 miles of its radius on a geographical heatmap. I would like to create a map where you can actually zoom in and stuff.

It is a pretty straightforward application but I would like to know:

1) If is there any flask library for heatmaps or if not what is the best javascript library i can use for it in the frontend?

2) Is there any library that makes life easier to search within 200 miles radius from a location (zip code) in the location data. I know geopandas has the ability to do that but if it is any better library? Because first I would also need to convert all the zip codes to the coordinates.

​

Thanks

/r/flask
https://redd.it/kz7h7v

How would I go about automatically pushing new files to the heroku git, to update my flask website?

Hello everyone,

My first project in flask I've actually deployed.

I didn't do this very elegantly, but I just wanted to get something done.
I have some external data, that I track using excel. In my Flask app, I load this excel data, and display as a web page.

Everything works great, but I'm just wondering if there is an easy way to push new data to the heroku git without having to,

git add .

git commit

git push heroku

everytime I update the data.

Or at least if I have to, is there a way to automate this process, so that whenever I update my excel file, I can push this automatically to herokuapp.

I am a super noob here so sorry if this doesn't make sense, I'm happy to clarify.

Any information or insight is greatly appreciated...

/r/flask
https://redd.it/kz1l8y

Monday Daily Thread: Project ideas!

Comment any project ideas beginner or advanced in this thread for others to give a try! If you complete one make sure to reply to the comment with how you found it and attach some source code!

/r/Python
https://redd.it/kzicf0

Open sourcing my automated job board built using React and Django

Hey community,

I am making a automated job board which:

uses ReactJs and Django REST Framework
background worker for scraping jobs from other sites

In coming days I'll be adding :

dynamic filter to select jobs by technology and location
ability to pay using stripe and post jobs

Links:

front end - [https://github.com/TrakBit/FullStackBot](https://github.com/TrakBit/FullStackBot)
back end - https://github.com/TrakBit/fullstackbot-backend

/r/django
https://redd.it/kzcc1w

i made a bot that turns reddit arguments into ace attorney

It's still pretty buggy, I threw it together because my holidays are coming to a close.

Here's an example: https://youtu.be/rvFk8hapDZY

Here's the source code: https://github.com/micah5/ace-attorney-reddit-bot

/r/Python
https://redd.it/kz9kh6

Side project I built using Django (a Tinder for baby names), and what I learned along the way

Hey everyone!

I wanted to share a side project I worked on last year and some of what I learned while building it.

The site itself is called "My Name Fairy" [https://www.mynamefairy.com](https://www.mynamefairy.com). It's a Tinder for baby names.

https://preview.redd.it/i1hpbrei0xb61.png?width=1999&format=png&auto=webp&s=2bd0fe053d25300373f1c5618c106e1d6ecba4ee

Here's a summary of the tech I used to build it:

* Django for BE (obviously :) )
* Nginx for the webserver and serving static assets
* Postgres for the DB
* Vue.js in some places (The [card swiping page](https://www.mynamefairy.com/swipe-names) and [account page](https://www.mynamefairy.com/accounts/me))
* Plain js in other places
* Sass for the styles
* Webpack to build the FE
* Docker/docker-compose for deployment
* Deployed on a digital ocean droplet. The Postgres DB is also a managed DB from DO.
* Amazon CloudFront for a CDN

I mostly started it as a way to learn some new tech (specifically Postgres, Vue, Sass, Webpack, Docker, Nginx and deploying) and it's been great for that. It's also been fun to build something from the ground up. I've always come into a project that's already established. Having to make everyone decision from the beginning was empowering and let me play with tech I wouldn't get to otherwise.

Here are some classes I took:

* [Advanced CSS and Sass](https://www.udemy.com/course/advanced-css-and-sass/) by Jonas Schmedtmann. This class is *awesome*. Seriously, I can't recommend

/r/Python
https://redd.it/kz8uxu