Monthly Archives: March 2016

DataTables to prevent xss attack

The solution is: use “render”: $.fn.dataTable.render.text() to escape html tags


How to send an email with image files and the the images are shown on page instead of being attachments ?

Your email must satisfy the following rules:

1. it’s a multi-part email

2. it has an "html" as one of its parts (content type must be set)

3. every image must have a header like "Content-ID: <some-id>", and of course, content type must be set

4. the <img> tags in your html must use "cid" to refer to these images, such as "<img src=’cid: some-id’/> 

Keep in mind that celery workers don’t share global states


 1. A task has a top-level variable, whose value is 1 at first

 2. After run once by celery, the value is changed to 2 

 3. When running task with celery for the second time, you will see the value is still 1 !

That’s because the the worker running for the first  time is not the one who runs for the second time.   They are different processes! 

You need to keep this in mind, and put the global states in a database or something.  

man.get_things() or Thing.get_things_by_man() when Active Records Pattern is used?

There is requirement for a method to get things of a man.  Where to put it?  
man.get_things() or   (static) Thing.get_things_by_man()  ?  
From OO’s perspective, the former sounds more natural.   I was planning to adopt this approach until I found a problem:  it may lead to duplicate db access code because not only men has things.  
Men have things, and animals also have things.  If both have method to get_things(),  duplicate logic is going to happen, unless you extract the common code to a third class, and the two subjects call this common method.    It’s fine, but an overkill in small projects which uses Active Records.  Only small projects use this pattern,  right? 
So I chose the "transcript template" pattern:   Thing.get_things_by_man()  .  The benefits it has include,
1. To avoid the disadvantage man.get_things()  has, explained above
2. To make the position of methods more guessable since it treated everything a "resource", just like how RESTFul urls are expectable.