ssrikanta/python_template_engine

Python Template Engine

A production-grade custom template engine for Python with comprehensive Unicode support, security features, and HTML/text rendering capabilities.

🚀 Features

  • Simple API: Single render() method with optional auto-escape parameter
  • Unicode Support: Full Unicode support including emojis, international characters, and complex scripts
  • Security: XSS protection, SSTI prevention, and safe variable handling
  • Flexible Templates: Support for variables and loops with dot notation
  • HTML & Text: Configurable HTML escaping for both HTML and plain text templates
  • Error Handling: Comprehensive error handling with strict and non-strict modes

📦 Installation

Clone this repository:

git clone https://github.com/ssrikanta/python_template_engine.git
cd python_template_engine

No external dependencies required: it uses only the Python standard library.

🎯 Quick Start

from template_engine import TemplateEngine

# Create engine
engine = TemplateEngine()

# Simple variable substitution
template = "Hello $name! Welcome to $site."
context = {'name': 'Alice', 'site': 'My Website'}
result = engine.render(template, context)
# Output: "Hello Alice! Welcome to My Website."

# Loop through data
template = """
Users:
{% for user in users %}
- $user.name ($user.email)
{% endfor %}
"""
context = {
    'users': [
        {'name': 'Alice', 'email': 'alice@example.com'},
        {'name': 'Bob', 'email': 'bob@example.com'}
    ]
}
result = engine.render(template, context)

🌍 Unicode Support

Full Unicode support for international applications:

# International characters
template = "Hello $name! 你好 $chinese_name! مرحبا $arabic_name!"
context = {
    'name': 'João',
    'chinese_name': '小明', 
    'arabic_name': 'أحمد'
}
result = engine.render(template, context)
# Output: "Hello João! 你好 小明! مرحبا أحمد!"

# Emojis and symbols
template = "🎉 Welcome $name! Status: $status 💯"
context = {'name': 'User', 'status': '完成'}
result = engine.render(template, context)
# Output: "🎉 Welcome User! Status: 完成 💯"

🔒 Security Features

XSS Protection

# HTML escaping enabled by default for HTML templates
engine = TemplateEngine(auto_escape=True)
template = "<h1>$title</h1><p>$message</p>"
context = {
    'title': 'Safe Title',
    'message': '<script>alert("XSS")</script>'
}
result = engine.render(template, context)
# Output: "<h1>Safe Title</h1><p>&lt;script&gt;alert(\"XSS\")&lt;/script&gt;</p>"

Per-Template Control

# Override escaping per template
html_result = engine.render(template, context, auto_escape=True)   # HTML safe
text_result = engine.render(template, context, auto_escape=False)  # Plain text

📖 Template Syntax

Variables

  • Simple: $variable
  • Braced: ${variable}
  • Dot notation: $user.name, $item.price

Loops

{% for item in items %}
    $item.property
{% endfor %}

Example Template

<!DOCTYPE html>
<html>
<head>
    <title>$page_title</title>
</head>
<body>
    <h1>$heading</h1>
    <ul>
    {% for user in users %}
        <li>
            <strong>$user.name</strong> - $user.email
            <br>Age: $user.age
        </li>
    {% endfor %}
    </ul>
    <p>Total users: $total_count</p>
</body>
</html>

⚙️ Configuration Options

# Template engine options
engine = TemplateEngine(
    auto_escape=True,    # Enable HTML escaping by default
    strict_mode=True     # Raise errors for missing variables
)

# Non-strict mode (preserves missing variables as placeholders)
lenient_engine = TemplateEngine(strict_mode=False)

🧪 Testing

Run the comprehensive test suite:

# Basic functionality
python usage_guide.py

# Security tests
python security_injection_test.py

# Unicode support
python unicode_comprehensive_test.py

# HTML security demo
python html_security_demo.py

# Text escaping behavior
python text_escape_demo.py

📊 Examples

The repository includes several example files:

  • usage_guide.py - Basic usage examples
  • auto_escape_test.py - Auto-escape parameter testing
  • html_security_demo.py - XSS protection demonstration
  • text_escape_demo.py - Text vs HTML escaping comparison
  • security_injection_test.py - Security vulnerability testing
  • unicode_comprehensive_test.py - Unicode support testing

🛡️ Security

This template engine is designed with security in mind:

  • No code execution: Uses string substitution, not eval()
  • Variable filtering: Dangerous variable names are filtered
  • XSS protection: HTML escaping for web templates
  • SSTI prevention: Safe template syntax only
  • Input validation: Validates variable names and template syntax
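
The properties listed above can be seen in a small stand-alone sketch. This is an added example, not the project's own code: `render_sketch`, `resolve` and `UnsafeName` are hypothetical names, and treating every underscore-prefixed name as "dangerous" is an assumption about what the filter covers.

```python
import html
import re

# Added illustration only; not taken from template_engine.py.
_NAME = r"[A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*"
_VAR = re.compile(r"\$(?:\{(" + _NAME + r")\}|(" + _NAME + r"))")


class UnsafeName(ValueError):
    """Raised when a template asks for a private or dunder name."""


def resolve(path, context):
    """Walk a dotted path through dicts only: no getattr(), no eval()."""
    value = context
    for part in path.split("."):
        # Assumption: any underscore-prefixed segment (e.g. __class__) is refused.
        if part.startswith("_"):
            raise UnsafeName(path)
        if not isinstance(value, dict) or part not in value:
            raise KeyError(path)  # strict behaviour: missing names are errors
        value = value[part]
    return value


def render_sketch(template, context, auto_escape=True):
    """Single-pass substitution; substituted values are never re-scanned."""
    def substitute(match):
        text = str(resolve(match.group(1) or match.group(2), context))
        return html.escape(text) if auto_escape else text
    return _VAR.sub(substitute, template)


if __name__ == "__main__":
    # Constructed sample inputs.
    print(render_sketch("<p>$msg</p>", {"msg": "<script>alert(1)</script>"}))
    # A value that looks like template syntax stays literal text.
    print(render_sketch("Hi $name", {"name": "${secret}", "secret": "s3"}))
    try:
        render_sketch("$user.__class__", {"user": {"name": "A"}})
    except UnsafeName as exc:
        print("rejected:", exc)
```

Because values are inserted in one pass and lookups only index into dictionaries, user-supplied data can neither introduce new placeholders nor reach Python object attributes.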

🤝 Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Add tests for new functionality
  5. Submit a pull request

📄 License

This project is open source. Feel free to use it in your projects!

🔧 Requirements

  • Python 3.6+
  • No external dependencies

🎯 Use Cases

Perfect for:

  • Web applications (HTML templates)
  • Email templates (text and HTML)
  • Configuration file generation
  • Report generation
  • Document templates
  • International applications
  • Security-conscious applications

🌟 Why This Template Engine?

  • Simple: Easy to learn and use
  • Secure: Built-in protection against common vulnerabilities
  • Unicode: Full international character support
  • Flexible: Works for both HTML and text templates
  • Fast: Lightweight with no external dependencies
  • Reliable: Comprehensive error handling and testing
