Markdown template based HTML and text emails for Django.
```bash
python3 -m pip install emark
```

```python
# settings.py
INSTALLED_APPS = [
    'emark',
    # ...
]
```

```bash
python3 manage.py migrate
```

```markdown
<!-- myapp/my_message.md -->
# Hello World
Hi {{ user.short_name }}!
```

```python
# myapp/emails.py
from emark.message import MarkdownEmail


class MyMessage(MarkdownEmail):
    subject = "Hello World"
    template_name = "myapp/my_message.md"
```

```python
# myapp/views.py
from . import emails


def my_view(request):
    message = emails.MyMessage.to_user(request.user)
    message.send()
```
You can use Django's template engine, just like you usually would. You can use translations, template tags, filters, blocks, etc.
You may also have a base template that you inherit from in your individual emails to provide a consistent salutation and farewell.

```markdown
<!-- base.md -->
{% load static i18n %}
{% block salutation %}Hi {{ user.short_name }}!{% endblock %}
{% block content %}{% endblock %}
{% block farewell %}
{% blocktrans trimmed %}
Best regards,
{{ site_admin }}
{% endblocktrans %}
{% endblock %}
{% block footer %}
Legal footer.
{% endblock %}
```

```markdown
<!-- myapp/email.md -->
{% extends "base.md" %}
{% block content %}
This is the content of the email.
{% endblock %}
```
The context is passed to the template as a dictionary. Furthermore, you may override the `get_context_data` method to add additional context variables.

```python
# myapp/emails.py
from emark.message import MarkdownEmail


class MyMessage(MarkdownEmail):
    subject = "Hello World"
    template_name = "myapp/email.md"

    def get_context_data(self):
        context = super().get_context_data()
        context["my_variable"] = "Hello World"
        return context
```
Django eMark comes with built-in tracking for sent, open and click events. The tracking is done via a tracking pixel and a redirect view.
As an added bonus, this feature also comes with an open-in-browser link that allows the user to view the email in their browser if their email client does not support HTML emails.
This feature is disabled by default. To enable it, you need to use a separate email backend. This backend will send the email via SMTP and also add the tracking pixel and redirect view. However, it will send a separate email for each recipient, which may not be desirable in all cases.
```python
# settings.py
EMAIL_BACKEND = "emark.backends.TrackingSMTPEmailBackend"
```

Furthermore, you need to add the tracking view to your `urls.py`:

```python
# urls.py
from django.urls import include, path

urlpatterns = [
    # … other urls
    path("emark/", include("emark.urls")),
]
```

You will need to provide a domain name for the tracking pixel and redirect view. This can be done via the `DOMAIN` setting:

```python
# settings.py
EMARK = {
    "DOMAIN": "example.com"
}
```
If the site framework is installed and no settings are provided, the domain will be automatically set to the current site's domain.
The tracking data is stored in the database. You need to run migrations to create the necessary tables:
```bash
python3 manage.py migrate
```

You can analyze the tracking data via the tables `emark_sent`, `emark_open` and `emark_click`.

Every `MarkdownEmail` subclass comes with automatic UTM tracking.
UTM parameters are added to all links in the email. Existing UTM parameters that have been explicitly set on a link are not overridden. The default parameters are:

- `utm_source`: `website`
- `utm_medium`: `email`
- `utm_campaign`: `{{ EMAIL_CLASS_NAME }}`
The global UTM parameters can be overridden via the `EMARK_UTM_PARAMS` setting, which is a dictionary of parameters:

```python
# settings.py
EMARK = {
    "UTM_PARAMS": {
        "utm_source": "website",  # default
        "utm_medium": "email",  # default
    }
}
```
You may also change the UTM parameters by overriding the `get_utm_params` method or by passing a `utm_params` dictionary to the class constructor.

```python
# myapp/emails.py
from emark.message import MarkdownEmail


class MyMessage(MarkdownEmail):
    subject = "Hello World"
    template_name = "myapp/email.md"

    # override the parameters for this email class
    def get_utm_params(self):
        return {
            "utm_source": "myapp",
            "utm_medium": "email",
            "utm_campaign": "my-campaign",
        }


# or alternatively during instantiation
MyMessage(utm_params={"utm_campaign": "my-other-campaign"}).send()
```
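The link-tagging rule described in this section (defaults are appended, parameters already set on a link are kept), written out as an added sketch that is not emark's own code. The names `add_utm_params`, `DEFAULT_UTM` and `demo` are hypothetical, and leaving non-HTTP links such as `mailto:` untouched is an assumption of the sketch.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Defaults listed in this README; utm_campaign defaults to the email class name.
DEFAULT_UTM = {"utm_source": "website", "utm_medium": "email"}


def add_utm_params(url, campaign, overrides=None):
    """Return url with UTM parameters appended; explicit ones on the link win."""
    parts = urlsplit(url)
    # Assumption of this sketch: only web links are tagged.
    if parts.scheme not in ("http", "https"):
        return url
    # Per-email overrides replace the defaults, mirroring utm_params above.
    utm = {**DEFAULT_UTM, "utm_campaign": campaign, **(overrides or {})}
    query = parse_qsl(parts.query, keep_blank_values=True)
    present = {key for key, _ in query}
    # Append only the parameters the link does not already carry.
    query += [(key, value) for key, value in utm.items() if key not in present]
    return urlunsplit(parts._replace(query=urlencode(query)))


def demo():
    """Tag a few constructed sample links the way a MyMessage email would."""
    links = [
        "https://example.com/pricing",
        "https://example.com/blog?page=2&utm_campaign=spring#top",
        "mailto:support@example.com",
    ]
    return [add_utm_params(link, "MyMessage") for link in links]


if __name__ == "__main__":
    for tagged in demo():
        print(tagged)
```

The second sample link keeps its own `utm_campaign=spring` and only gains the two missing defaults; the fragment stays after the query string.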
Pretty HTML emails are great, unless they spam your console during development. To prevent this, you can use the `ConsoleEmailBackend`:

```python
# settings.py
EMAIL_BACKEND = "emark.backends.ConsoleEmailBackend"
```

The `ConsoleEmailBackend` will only print the plain text version of the email.
Django eMark comes with a simple email dashboard to preview your templates.
To enable the dashboard, add the app to your `INSTALLED_APPS` setting:

```python
# settings.py
INSTALLED_APPS = [
    # ...
    "emark",
    "emark.contrib.dashboard",  # needs to be added before Django's admin app
    # ...
    "django.contrib.admin",  # required for the dashboard
    # ...
]
```

and add the following to your `urls.py`:

```python
# urls.py
from django.urls import include, path

urlpatterns = [
    # … other urls
    path("emark/", include([
        path("", include("emark.urls")),
        path("dashboard/", include("emark.contrib.dashboard.urls")),
    ])),
]
```
Next you need to register the email classes you want to preview in the dashboard:
```python
# myapp/emails.py
from emark.message import MarkdownEmail
from emark.contrib import dashboard


@dashboard.register
class MyMessage(MarkdownEmail):
    subject = "Hello World"
    template_name = "myapp/email.md"
```
FAQs
We found that emark demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.