.. image:: https://github.com/matthiask/django-js-asset/workflows/Tests/badge.svg
    :target: https://github.com/matthiask/django-js-asset

Use this to insert a script tag via ``forms.Media`` containing additional
attributes (such as ``id`` and ``data-*`` for CSP-compatible data
injection):

.. code-block:: python

    from django import forms
    from js_asset import JS

    # The dictionary holds the extra attributes rendered onto the script tag.
    forms.Media(js=[
        JS("asset.js", {
            "id": "asset-script",
            "data-answer": "42",
        }),
    ])

The rendered media tag (via ``{{ media.js }}`` or ``{{ media }}``) will
now contain a script tag as follows, without line breaks:

.. code-block:: html

    <script type="text/javascript" src="/static/asset.js"
        data-answer="42" id="asset-script"></script>

The attributes are automatically escaped. The data attributes may now be
accessed inside ``asset.js``:

.. code-block:: javascript

    var answer = document.querySelector("#asset-script").dataset.answer;

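
The escaping described above matters because a data attribute often carries a value the template author does not control. The following added example is not django-js-asset's code: ``render_script`` and ``render_script_unescaped`` are hypothetical stdlib-only stand-ins, and ``HOSTILE`` is a constructed sample value. It parses both outputs to compare the attributes a browser-like parser would see.

```python
from html import escape
from html.parser import HTMLParser


def render_script(src, attrs):
    """Hypothetical stand-in: one script tag, every attribute value escaped."""
    parts = [f'src="{escape(src, quote=True)}"']
    for name, value in sorted(attrs.items()):
        parts.append(f'{name}="{escape(str(value), quote=True)}"')
    return f"<script {' '.join(parts)}></script>"


def render_script_unescaped(src, attrs):
    """Deliberately naive variant (no escaping), kept only for comparison."""
    parts = [f'src="{src}"'] + [f'{k}="{v}"' for k, v in sorted(attrs.items())]
    return f"<script {' '.join(parts)}></script>"


class TagCollector(HTMLParser):
    """Collect each start tag with its attributes after HTML parsing."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parse_tags(markup):
    """Return [(tag, {attr: value})] as the parser sees the markup."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


# Constructed sample: a value containing a quote that would end the attribute.
HOSTILE = '42" data-role="admin'
ATTRS = {"id": "asset-script", "data-answer": HOSTILE}

if __name__ == "__main__":
    for render in (render_script, render_script_unescaped):
        markup = render("/static/asset.js", ATTRS)
        print(render.__name__, markup, parse_tags(markup), sep="\n  ")
```

With escaping, ``dataset.answer`` round-trips to the exact input string; without it, the parser reports a ``data-role`` attribute that nobody passed in.
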
Also, because the implementation of ``static`` differs between supported
Django versions (older versions do not take the presence of
``django.contrib.staticfiles`` in ``INSTALLED_APPS`` into account), a
``js_asset.static`` function is provided which does the right thing
automatically.

Since 3.0 django-js-asset also ships a ``CSS`` and ``JSON`` media object which
can be used to ship stylesheets, inline styles and JSON blobs to the frontend.
It's recommended to pass those through ``forms.Media(js=[])`` as well since
``js`` is a simple list while ``css`` uses a dictionary keyed with the media to
use for the stylesheet.

So, you can add everything at once:

.. code-block:: python

    from django import forms
    from js_asset import CSS, JS, JSON

    # JSON blob, linked stylesheet, inline style and module script in one list.
    forms.Media(js=[
        JSON({"configuration": 42}, id="widget-configuration"),
        CSS("widget/style.css"),
        CSS("p{color:red;}", inline=True),
        JS("widget/script.js", {"type": "module"}),
    ])

This produces:

.. code-block:: html

    <script id="widget-configuration" type="application/json">{"configuration": 42}</script>
    <link rel="stylesheet" href="/static/widget/style.css">
    <style>p{color:red;}</style>
    <script src="/static/widget/script.js" type="module"></script>

At the time of writing this app is compatible with Django 4.2 and better
(up to and including the Django main branch), but have a look at the
`tox configuration <https://github.com/matthiask/django-js-asset/blob/main/tox.ini>`_
for definitive answers.