web.py API


Web application (from web.py)

class web.application.application(mapping=(), fvars={}, autoreload=None)

Application to delegate requests based on path.

>>> urls = ("/hello", "hello")
>>> app = application(urls, globals())
>>> class hello:
...     def GET(self): return "hello"
>>> app.request("/hello").data

Adds a processor to the application.

>>> urls = ("/(.*)", "echo")
>>> app = application(urls, globals())
>>> class echo:
...     def GET(self, name): return name
>>> def hello(handler): return "hello, " +  handler()
>>> app.add_processor(hello)
>>> app.request("/web.py").data
b'hello, web.py'

Return a CGI handler. This is mostly useful with Google App Engine. There you can just do:

main = app.cgirun()

Starts the program in a way that will work with Google app engine, no matter which version you are using (2.5 / 2.7)

If it is 2.5, just normally start it with app.gaerun()

If it is 2.7, make sure to change the app.yaml handler to point to the global variable that contains the result of app.gaerun()

For example:

in app.yaml (where code.py is where the main code is located)

handlers: - url: /.*

script: code.app

Make sure that the app variable is globally accessible


Returns HTTPError with ‘500 internal error’ message


Initializes ctx using env.


Returns HTTPError with ‘404 not found’ message

request(localpart='/', method='GET', data=None, host='', headers=None, https=False, **kw)

Makes request to this application for the specified path and method. Response will be a storage object with data, status and headers.

>>> urls = ("/hello", "hello")
>>> app = application(urls, globals())
>>> class hello:
...     def GET(self): 
...         web.header('Content-Type', 'text/plain')
...         return "hello"
>>> response = app.request("/hello")
>>> response.data
>>> response.status
'200 OK'
>>> response.headers['Content-Type']

To use https, use https=True.

>>> urls = ("/redirect", "redirect")
>>> app = application(urls, globals())
>>> class redirect:
...     def GET(self): raise web.seeother("/foo")
>>> response = app.request("/redirect")
>>> response.headers['Location']
>>> response = app.request("/redirect", https=True)
>>> response.headers['Location']

The headers argument specifies HTTP headers as a mapping object such as a dict.

>>> urls = ('/ua', 'uaprinter')
>>> class uaprinter:
...     def GET(self):
...         return 'your user-agent is ' + web.ctx.env['HTTP_USER_AGENT']
>>> app = application(urls, globals())
>>> app.request('/ua', headers = {
...      'User-Agent': 'a small jumping bean/1.0 (compatible)'
... }).data
b'your user-agent is a small jumping bean/1.0 (compatible)'

Starts handling requests. If called in a CGI or FastCGI context, it will follow that protocol. If called from the command line, it will start an HTTP server on the port named in the first command line argument, or, if there is no argument, on port 8080.

middleware is a list of WSGI middleware which is applied to the resulting WSGI function.


Stops the http server started by run.


Returns a WSGI-compatible function for this application.

class web.application.auto_application

Application similar to application but urls are constructed automatically using metaclass.

>>> app = auto_application()
>>> class hello(app.page):
...     def GET(self): return "hello, world"
>>> class foo(app.page):
...     path = '/foo/.*'
...     def GET(self): return "foo"
>>> app.request("/hello").data
b'hello, world'
>>> app.request('/foo/bar').data

alias of application

class web.application.subdomain_application(mapping=(), fvars={}, autoreload=None)

Application to delegate requests based on the host.

>>> urls = ("/hello", "hello")
>>> app = application(urls, globals())
>>> class hello:
...     def GET(self): return "hello"
>>> mapping = (r"hello\.example\.com", app)
>>> app2 = subdomain_application(mapping)
>>> app2.request("/hello", host="hello.example.com").data
>>> response = app2.request("/hello", host="something.example.com")
>>> response.status
'404 Not Found'
>>> response.data
b'not found'

Converts a load hook into an application processor.

>>> app = auto_application()
>>> def f(): "something done before handling request"
>>> app.add_processor(loadhook(f))

Converts an unload hook into an application processor.

>>> app = auto_application()
>>> def f(): "something done after handling request"
>>> app.add_processor(unloadhook(f))    

Returns a method that takes one argument and calls the method named prefix+arg, calling notfound() if there isn’t one. Example:

urls = (‘/prefs/(.*)’, ‘prefs’)

class prefs:
GET = autodelegate(‘GET_‘) def GET_password(self): pass def GET_privacy(self): pass

GET_password would get called for /prefs/password while GET_privacy for GET_privacy gets called for /prefs/privacy.

If a user visits /prefs/password/change then GET_password(self, ‘/change’) is called.


Database API (part of web.py)

exception web.db.UnknownParamstyle

raised for unsupported db paramstyles

(currently supported: qmark, numeric, format, pyformat)

exception web.db.UnknownDB

raised for unsupported dbms


Converts the arguments for use in something like a WHERE clause.

>>> sqllist(['a', 'b'])
'a, b'
>>> sqllist('a')
web.db.sqlors(left, lst)

left is a SQL clause like `tablename.arg = ` and `lst is a list of values. Returns a reparam-style pair featuring the SQL that ORs together the clause for each item in the lst.

>>> sqlors('foo = ', [])
<sql: '1=2'>
>>> sqlors('foo = ', [1])
<sql: 'foo = 1'>
>>> sqlors('foo = ', 1)
<sql: 'foo = 1'>
>>> sqlors('foo = ', [1,2,3])
<sql: '(foo = 1 OR foo = 2 OR foo = 3 OR 1=2)'>
web.db.reparam(string_, dictionary)

Takes a string and a dictionary and interpolates the string using values from the dictionary. Returns an SQLQuery for the result.

>>> reparam("s = $s", dict(s=True))
<sql: "s = 't'">
>>> reparam("s IN $s", dict(s=[1, 2]))
<sql: 's IN (1, 2)'>

Ensures a is quoted properly for use in a SQL query.

>>> 'WHERE x = ' + sqlquote(True) + ' AND y = ' + sqlquote(3)
<sql: "WHERE x = 't' AND y = 3">
>>> 'WHERE x = ' + sqlquote(True) + ' AND y IN ' + sqlquote([2, 3])
<sql: "WHERE x = 't' AND y IN (2, 3)">
class web.db.SQLQuery(items=None)

You can pass this sort of thing as a clause in any db function. Otherwise, you can pass a dictionary to the keyword argument vars and the function will call reparam for you.

Internally, consists of items, which is a list of strings and SQLParams, which get concatenated to produce the actual query.

static join(items, sep=' ', prefix=None, suffix=None, target=None)

Joins multiple queries.

>>> SQLQuery.join(['a', 'b'], ', ')
<sql: 'a, b'>

Optinally, prefix and suffix arguments can be provided.

>>> SQLQuery.join(['a', 'b'], ', ', prefix='(', suffix=')')
<sql: '(a, b)'>

If target argument is provided, the items are appended to target instead of creating a new SQLQuery.

Returns the query part of the sql query.
>>> q = SQLQuery(["SELECT * FROM test WHERE name=", SQLParam('joe')])
>>> q.query()
'SELECT * FROM test WHERE name=%s'
>>> q.query(paramstyle='qmark')
'SELECT * FROM test WHERE name=?'
Returns the values of the parameters used in the sql query.
>>> q = SQLQuery(["SELECT * FROM test WHERE name=", SQLParam('joe')])
>>> q.values()
class web.db.SQLParam(value)

Parameter in SQLQuery.

>>> q = SQLQuery(["SELECT * FROM test WHERE name=", SQLParam("joe")])
>>> q
<sql: "SELECT * FROM test WHERE name='joe'">
>>> q.query()
'SELECT * FROM test WHERE name=%s'
>>> q.values()

alias of SQLParam

class web.db.SQLLiteral(v)

Protects a string from sqlquote.

>>> sqlquote('NOW()')
<sql: "'NOW()'">
>>> sqlquote(SQLLiteral('NOW()'))
<sql: 'NOW()'>

alias of SQLLiteral

web.db.database(dburl=None, **params)

Creates appropriate database using params.

Pooling will be enabled if DBUtils module is available. Pooling can be disabled by passing pooling=False in params.

class web.db.DB(db_module, keywords)


delete(table, where, using=None, vars=None, _test=False)

Deletes from table with clauses where and using.

>>> db = DB(None, {})
>>> name = 'Joe'
>>> db.delete('foo', where='name = $name', vars=locals(), _test=True)
<sql: "DELETE FROM foo WHERE name = 'Joe'">
insert(tablename, seqname=None, _test=False, **values)

Inserts values into tablename. Returns current sequence ID. Set seqname to the ID if it’s not the default, or to False if there isn’t one.

>>> db = DB(None, {})
>>> q = db.insert('foo', name='bob', age=2, created=SQLLiteral('NOW()'), _test=True)
>>> q
<sql: "INSERT INTO foo (age, created, name) VALUES (2, NOW(), 'bob')">
>>> q.query()
'INSERT INTO foo (age, created, name) VALUES (%s, NOW(), %s)'
>>> q.values()
[2, 'bob']
multiple_insert(tablename, values, seqname=None, _test=False)

Inserts multiple rows into tablename. The values must be a list of dictioanries, one for each row to be inserted, each with the same set of keys. Returns the list of ids of the inserted rows. Set seqname to the ID if it’s not the default, or to False if there isn’t one.

>>> db = DB(None, {})
>>> db.supports_multiple_insert = True
>>> values = [{"name": "foo", "email": "foo@example.com"}, {"name": "bar", "email": "bar@example.com"}]
>>> db.multiple_insert('person', values=values, _test=True)
<sql: "INSERT INTO person (email, name) VALUES ('foo@example.com', 'foo'), ('bar@example.com', 'bar')">
query(sql_query, vars=None, processed=False, _test=False)

Execute SQL query sql_query using dictionary vars to interpolate it. If processed=True, vars is a reparam-style list to use instead of interpolating.

>>> db = DB(None, {})
>>> db.query("SELECT * FROM foo", _test=True)
<sql: 'SELECT * FROM foo'>
>>> db.query("SELECT * FROM foo WHERE x = $x", vars=dict(x='f'), _test=True)
<sql: "SELECT * FROM foo WHERE x = 'f'">
>>> db.query("SELECT * FROM foo WHERE x = " + sqlquote('f'), _test=True)
<sql: "SELECT * FROM foo WHERE x = 'f'">
select(tables, vars=None, what='*', where=None, order=None, group=None, limit=None, offset=None, _test=False)

Selects what from tables with clauses where, order, group, limit, and offset. Uses vars to interpolate. Otherwise, each clause can be a SQLQuery.

>>> db = DB(None, {})
>>> db.select('foo', _test=True)
<sql: 'SELECT * FROM foo'>
>>> db.select(['foo', 'bar'], where="foo.bar_id = bar.id", limit=5, _test=True)
<sql: 'SELECT * FROM foo, bar WHERE foo.bar_id = bar.id LIMIT 5'>
>>> db.select('foo', where={'id': 5}, _test=True)
<sql: 'SELECT * FROM foo WHERE id = 5'>

Start a transaction.

update(tables, where, vars=None, _test=False, **values)

Update tables with clause where (interpolated using vars) and setting values.

>>> db = DB(None, {})
>>> name = 'Joseph'
>>> q = db.update('foo', where='name = $name', name='bob', age=2,
...     created=SQLLiteral('NOW()'), vars=locals(), _test=True)
>>> q
<sql: "UPDATE foo SET age = 2, created = NOW(), name = 'bob' WHERE name = 'Joseph'">
>>> q.query()
'UPDATE foo SET age = %s, created = NOW(), name = %s WHERE name = %s'
>>> q.values()
[2, 'bob', 'Joseph']
where(table, what='*', order=None, group=None, limit=None, offset=None, _test=False, **kwargs)

Selects from table where keys are equal to values in kwargs.

>>> db = DB(None, {})
>>> db.where('foo', bar_id=3, _test=True)
<sql: 'SELECT * FROM foo WHERE bar_id = 3'>
>>> db.where('foo', source=2, crust='dewey', _test=True)
<sql: "SELECT * FROM foo WHERE crust = 'dewey' AND source = 2">
>>> db.where('foo', _test=True)
<sql: 'SELECT * FROM foo'>


Network Utilities (from web.py)


Returns True if address is a valid IPv4 address.

>>> validipaddr('')
>>> validipaddr('')
>>> validipaddr('192.168.1')

Returns True if address is a valid IPv6 address.

>>> validip6addr('::')
>>> validip6addr('aaaa:bbbb:cccc:dddd::1')
>>> validip6addr('1:2:3:4:5:6:7:8:9:10')
>>> validip6addr('12:10')

Returns True if port is a valid IPv4 port.

>>> validipport('9000')
>>> validipport('foo')
>>> validipport('1000000')
web.net.validip(ip, defaultaddr='', defaultport=8080)

Returns (ip_address, port) from string ip_addr_port >>> validip(‘’) (‘’, 8080) >>> validip(‘80’) (‘’, 80) >>> validip(‘’) (‘’, 85) >>> validip(‘::’) (‘::’, 8080) >>> validip(‘[::]:88’) (‘::’, 88) >>> validip(‘[::1]:80’) (‘::1’, 80)


Returns either (ip_address, port) or “/path/to/socket” from string_

>>> validaddr('/path/to/socket')
>>> validaddr('8000')
('', 8000)
>>> validaddr('')
('', 8080)
>>> validaddr('')
('', 8000)
>>> validip('[::1]:80')
('::1', 80)
>>> validaddr('fff')
Traceback (most recent call last):
ValueError: fff is not a valid IP address/port

Quotes a string for use in a URL.

>>> urlquote('://?f=1&j=1')
>>> urlquote(None)
>>> urlquote(u'\u203d')

Formats a datetime object for use in HTTP headers.

>>> import datetime
>>> httpdate(datetime.datetime(1970, 1, 1, 1, 1, 1))
'Thu, 01 Jan 1970 01:01:01 GMT'

Parses an HTTP date into a datetime object.

>>> parsehttpdate('Thu, 01 Jan 1970 01:01:01 GMT')
datetime.datetime(1970, 1, 1, 1, 1, 1)

Encodes text for raw use in HTML.

>>> htmlquote(u"<'&\">")

Decodes text that’s HTML quoted.

>>> htmlunquote(u'&lt;&#39;&amp;&quot;&gt;')

Converts val so that it is safe for use in Unicode HTML.

>>> websafe("<'&\">")
>>> websafe(None)
>>> websafe(u'\u203d') == u'\u203d'


HTML forms (part of web.py)

class web.form.AttributeList

List of atributes of input.

>>> a = AttributeList(type='text', name='x', value=20)
>>> a
<attrs: 'name="x" type="text" value="20"'>
class web.form.Button(name, *validators, **attrs)

HTML Button.

>>> Button("save").render()
u'<button id="save" name="save">save</button>'
>>> Button("action", value="save", html="<b>Save Changes</b>").render()
u'<button id="action" name="action" value="save"><b>Save Changes</b></button>'
class web.form.Checkbox(name, *validators, **attrs)

Checkbox input.

>>> Checkbox('foo', value='bar', checked=True).render()
u'<input checked="checked" id="foo_bar" name="foo" type="checkbox" value="bar"/>'
>>> Checkbox('foo', value='bar').render()
u'<input id="foo_bar" name="foo" type="checkbox" value="bar"/>'
>>> c = Checkbox('foo', value='bar')
>>> c.validate('on')
>>> c.render()
u'<input checked="checked" id="foo_bar" name="foo" type="checkbox" value="bar"/>'
class web.form.Dropdown(name, args, *validators, **attrs)

Dropdown/select input.

>>> Dropdown(name='foo', args=['a', 'b', 'c'], value='b').render()
u'<select id="foo" name="foo">\n  <option value="a">a</option>\n  <option selected="selected" value="b">b</option>\n  <option value="c">c</option>\n</select>\n'
>>> Dropdown(name='foo', args=[('a', 'aa'), ('b', 'bb'), ('c', 'cc')], value='b').render()
u'<select id="foo" name="foo">\n  <option value="a">aa</option>\n  <option selected="selected" value="b">bb</option>\n  <option value="c">cc</option>\n</select>\n'
class web.form.File(name, *validators, **attrs)

File input.

>>> File(name='f').render()
u'<input id="f" name="f" type="file"/>'
class web.form.Form(*inputs, **kw)

HTML form.

>>> f = Form(Textbox("x"))
>>> f.render()
u'<table>\n    <tr><th><label for="x">x</label></th><td><input id="x" name="x" type="text"/></td></tr>\n</table>'
>>> f.fill(x="42")
>>> f.render()
u'<table>\n    <tr><th><label for="x">x</label></th><td><input id="x" name="x" type="text" value="42"/></td></tr>\n</table>'
class web.form.GroupedDropdown(name, args, *validators, **attrs)

Grouped Dropdown/select input.

>>> GroupedDropdown(name='car_type', args=(('Swedish Cars', ('Volvo', 'Saab')), ('German Cars', ('Mercedes', 'Audi'))), value='Audi').render()
u'<select id="car_type" name="car_type">\n  <optgroup label="Swedish Cars">\n    <option value="Volvo">Volvo</option>\n    <option value="Saab">Saab</option>\n  </optgroup>\n  <optgroup label="German Cars">\n    <option value="Mercedes">Mercedes</option>\n    <option selected="selected" value="Audi">Audi</option>\n  </optgroup>\n</select>\n'
>>> GroupedDropdown(name='car_type', args=(('Swedish Cars', (('v', 'Volvo'), ('s', 'Saab'))), ('German Cars', (('m', 'Mercedes'), ('a', 'Audi')))), value='a').render()
u'<select id="car_type" name="car_type">\n  <optgroup label="Swedish Cars">\n    <option value="v">Volvo</option>\n    <option value="s">Saab</option>\n  </optgroup>\n  <optgroup label="German Cars">\n    <option value="m">Mercedes</option>\n    <option selected="selected" value="a">Audi</option>\n  </optgroup>\n</select>\n'
class web.form.Hidden(name, *validators, **attrs)

Hidden Input.

>>> Hidden(name='foo', value='bar').render()
u'<input id="foo" name="foo" type="hidden" value="bar"/>'
class web.form.Password(name, *validators, **attrs)

Password input.

>>> Password(name='password', value='secret').render()
u'<input id="password" name="password" type="password" value="secret"/>'
class web.form.Textarea(name, *validators, **attrs)

Textarea input.

>>> Textarea(name='foo', value='bar').render()
u'<textarea id="foo" name="foo">bar</textarea>'
class web.form.Textbox(name, *validators, **attrs)

Textbox input.

>>> Textbox(name='foo', value='bar').render()
u'<input id="foo" name="foo" type="text" value="bar"/>'
>>> Textbox(name='foo', value=0).render()
u'<input id="foo" name="foo" type="text" value="0"/>'


HTTP Utilities (from web.py)


Outputs an Expires header for delta from now. delta is a timedelta object or a number of seconds.


Outputs a Last-Modified header for datetime.


Sorry, this function is really difficult to explain. Maybe some other time.

web.http.modified(date=None, etag=None)

Checks to see if the page has been modified since the version in the requester’s cache.

When you publish pages, you can include Last-Modified and ETag with the date the page was last modified and an opaque token for the particular version, respectively. When readers reload the page, the browser sends along the modification date and etag value for the version it has in its cache. If the page hasn’t changed, the server can just return 304 Not Modified and not have to send the whole page again.

This function takes the last-modified date date and the ETag etag and checks the headers to see if they match. If they do, it returns True, or otherwise it raises NotModified error. It also sets Last-Modified and ETag output headers.

web.http.changequery(query=None, **kw)

Imagine you’re at /foo?a=1&b=2. Then changequery(a=3) will return /foo?a=3&b=2 – the same URL but with the arguments you requested changed.

web.http.url(path=None, doseq=False, **kw)

Makes url by concatenating web.ctx.homepath and path and the query string created using the arguments.


Outputs basic profiling information at the bottom of each response.


Session Management (from web.py)

class web.session.Session(app, store, initializer=None)

Session management for web.py


Called when an expired session is atime


Kill the session, make it no longer available

class web.session.Store

Base class for session stores


removes all the expired sessions


decodes the data to get back the session dict


encodes session dict as a string

class web.session.DiskStore(root)

Store for saving a session on disk.

>>> import tempfile
>>> root = tempfile.mkdtemp()
>>> s = DiskStore(root)
>>> s['a'] = 'foo'
>>> s['a']
>>> time.sleep(0.01)
>>> s.cleanup(0.01)
>>> s['a']
Traceback (most recent call last):
KeyError: 'a'
class web.session.DBStore(db, table_name)

Store for saving a session in database Needs a table with the following columns:

session_id CHAR(128) UNIQUE NOT NULL, atime DATETIME NOT NULL default current_timestamp, data TEXT


simple, elegant templating (part of web.py)

Template design:

Template string is split into tokens and the tokens are combined into nodes. Parse tree is a nodelist. TextNode and ExpressionNode are simple nodes and for-loop, if-loop etc are block nodes, which contain multiple child nodes.

Each node can emit some python string. python string emitted by the root node is validated for safeeval and executed using python in the given environment.

Enough care is taken to make sure the generated code and the template has line to line match, so that the error messages can point to exact line number in template. (It doesn’t work in some cases still.)


template -> defwith sections defwith -> ‘$def with (‘ arguments ‘)’ | ‘’ sections -> section* section -> block | assignment | line

assignment -> ‘$ ‘ <assignment expression> line -> (text|expr)* text -> <any characters other than $> expr -> ‘$’ pyexpr | ‘$(‘ pyexpr ‘)’ | ‘${‘ pyexpr ‘}’ pyexpr -> <python expression>

class web.template.Render(loc='templates', cache=None, base=None, **keywords)

The most preferred way of using templates.

render = web.template.render(‘templates’) print render.foo()

Optional parameter can be base can be used to pass output of every template through the base template.

render = web.template.render(‘templates’, base=’layout’)

alias of Render

web.template.frender(path, **keywords)

Creates a template from the given file path.

exception web.template.SecurityError

The template seems to be trying to do something naughty.


Doctest for testing template module.

Define a utility function to run template test.

>>> class TestResult:
...     def __init__(self, t): self.t = t
...     def __getattr__(self, name): return getattr(self.t, name)
...     def __repr__(self): return repr(unicode(self.t) if PY2 else str(self.t))
>>> def t(code, **keywords):
...     tmpl = Template(code, **keywords)
...     return lambda *a, **kw: TestResult(tmpl(*a, **kw))

Simple tests.

>>> t('1')()
>>> t('$def with ()\n1')()
>>> t('$def with (a)\n$a')(1)
>>> t('$def with (a=0)\n$a')(1)
>>> t('$def with (a=0)\n$a')(a=1)

Test complicated expressions.

>>> t('$def with (x)\n$x.upper()')('hello')
>>> t('$(2 * 3 + 4 * 5)')()
>>> t('${2 * 3 + 4 * 5}')()
>>> t('$def with (limit)\nkeep $(limit)ing.')('go')
u'keep going.\n'
>>> t('$def with (a)\n$a.b[0]')(storage(b=[1]))

Test html escaping.

>>> t('$def with (x)\n$x', filename='a.html')('<html>')
>>> t('$def with (x)\n$x', filename='a.txt')('<html>')

Test if, for and while.

>>> t('$if 1: 1')()
>>> t('$if 1:\n    1')()
>>> t('$if 1:\n    1\\')()
>>> t('$if 0: 0\n$elif 1: 1')()
>>> t('$if 0: 0\n$elif None: 0\n$else: 1')()
>>> t('$if 0 < 1 and 1 < 2: 1')()
>>> t('$for x in [1, 2, 3]: $x')()
>>> t('$def with (d)\n$for k, v in d.items(): $k')({1: 1})
>>> t('$for x in [1, 2, 3]:\n\t$x')()
u'    1\n    2\n    3\n'
>>> t('$def with (a)\n$while a and a.pop():1')([1, 2, 3])

The space after : must be ignored.

>>> t('$if True: foo')()

Test loop.xxx.

>>> t("$for i in range(5):$loop.index, $loop.parity")()
u'1, odd\n2, even\n3, odd\n4, even\n5, odd\n'
>>> t("$for i in range(2):\n    $for j in range(2):$loop.parent.parity $loop.parity")()
u'odd odd\nodd even\neven odd\neven even\n'

Test assignment.

>>> t('$ a = 1\n$a')()
>>> t('$ a = [1]\n$a[0]')()
>>> t('$ a = {1: 1}\n$list(a.keys())[0]')()
>>> t('$ a = []\n$if not a: 1')()
>>> t('$ a = {}\n$if not a: 1')()
>>> t('$ a = -1\n$a')()
>>> t('$ a = "1"\n$a')()

Test comments.

>>> t('$# 0')()
>>> t('hello$#comment1\nhello$#comment2')()
>>> t('$#comment0\nhello$#comment1\nhello$#comment2')()

Test unicode.

>>> t('$def with (a)\n$a')(u'\u203d')
>>> t(u'$def with (a)\n$a $:a')(u'\u203d')
u'\u203d \u203d\n'
>>> t(u'$def with ()\nfoo')()
>>> def f(x): return x
>>> t(u'$def with (f)\n$:f("x")')(f)
>>> t('$def with (f)\n$:f("x")')(f)

Test dollar escaping.

>>> t("Stop, $$money isn't evaluated.")()
u"Stop, $money isn't evaluated.\n"
>>> t("Stop, \$money isn't evaluated.")()
u"Stop, $money isn't evaluated.\n"

Test space sensitivity.

>>> t('$def with (x)\n$x')(1)
>>> t('$def with(x ,y)\n$x')(1, 1)
>>> t('$(1 + 2*3 + 4)')()

Make sure globals are working.

>>> t('$x')()
Traceback (most recent call last):
NameError: global name 'x' is not defined
>>> t('$x', globals={'x': 1})()

Can’t change globals.

>>> t('$ x = 2\n$x', globals={'x': 1})()
>>> t('$ x = x + 1\n$x', globals={'x': 1})()
Traceback (most recent call last):
UnboundLocalError: local variable 'x' referenced before assignment

Make sure builtins are customizable.

>>> t('$min(1, 2)')()
>>> t('$min(1, 2)', builtins={})()
Traceback (most recent call last):
NameError: global name 'min' is not defined

Test vars.

>>> x = t('$var x: 1')()
>>> x.x
>>> x = t('$var x = 1')()
>>> x.x
>>> x = t('$var x:  \n    foo\n    bar')()
>>> x.x

Test BOM chars.

>>> t('\xef\xbb\xbf$def with(x)\n$x')('foo')

Test for with weird cases.

>>> t('$for i in range(10)[1:5]:\n    $i')()
>>> t("$for k, v in sorted({'a': 1, 'b': 2}.items()):\n    $k $v", globals={'sorted':sorted})()
u'a 1\nb 2\n'

Test for syntax error.

>>> try:
...     t("$for k, v in ({'a': 1, 'b': 2}.items():\n    $k $v")()
... except SyntaxError:
...     print("OK")
... else:
...     print("Expected SyntaxError")

Test datetime.

>>> import datetime
>>> t("$def with (date)\n$date.strftime('%m %Y')")(datetime.datetime(2009, 1, 1))
u'01 2009\n'


General Utilities (part of web.py)

class web.utils.Storage

A Storage object is like a dictionary except obj.foo can be used in addition to obj[‘foo’].

>>> o = storage(a=1)
>>> o.a
>>> o['a']
>>> o.a = 2
>>> o['a']
>>> del o.a
>>> o.a
Traceback (most recent call last):
AttributeError: 'a'

alias of Storage

web.utils.storify(mapping, *requireds, **defaults)

Creates a storage object from dictionary mapping, raising KeyError if d doesn’t have all of the keys in requireds and using the default values for keys found in defaults.

For example, storify({‘a’:1, ‘c’:3}, b=2, c=0) will return the equivalent of storage({‘a’:1, ‘b’:2, ‘c’:3}).

If a storify value is a list (e.g. multiple values in a form submission), storify returns the last element of the list, unless the key appears in defaults as a list. Thus:

>>> storify({'a':[1, 2]}).a
>>> storify({'a':[1, 2]}, a=[]).a
[1, 2]
>>> storify({'a':1}, a=[]).a
>>> storify({}, a=[]).a

Similarly, if the value has a value attribute, storify will return _its_ value, unless the key appears in `defaults as a dictionary.

>>> storify({'a':storage(value=1)}).a
>>> storify({'a':storage(value=1)}, a={}).a
<Storage {'value': 1}>
>>> storify({}, a={}).a
class web.utils.Counter

Keeps count of how many times something is added.

>>> c = counter()
>>> c.add('x')
>>> c.add('x')
>>> c.add('x')
>>> c.add('x')
>>> c.add('x')
>>> c.add('y')
>>> c['y']
>>> c['x']
>>> c.most()

Returns the keys with mininum count.


Returns the keys with maximum count.


Returns what percentage a certain key is of all entries.

>>> c = counter()
>>> c.add('x')
>>> c.add('x')
>>> c.add('x')
>>> c.add('y')
>>> c.percent('x')
>>> c.percent('y')

Returns items sorted by value.

>>> c = counter()
>>> c.add('x')
>>> c.add('x')
>>> c.add('y')
>>> c.sorted_items()
[('x', 2), ('y', 1)]

Returns keys sorted by value.

>>> c = counter()
>>> c.add('x')
>>> c.add('x')
>>> c.add('y')
>>> c.sorted_keys()
['x', 'y']

Returns values sorted by value.

>>> c = counter()
>>> c.add('x')
>>> c.add('x')
>>> c.add('y')
>>> c.sorted_values()
[2, 1]

alias of Counter

web.utils.rstrips(text, remove)

removes the string remove from the right of text

>>> rstrips("foobar", "bar")
web.utils.lstrips(text, remove)

removes the string remove from the left of text

>>> lstrips("foobar", "foo")
>>> lstrips('http://foo.org/', ['http://', 'https://'])
>>> lstrips('FOOBARBAZ', ['FOO', 'BAR'])
>>> lstrips('FOOBARBAZ', ['BAR', 'FOO'])
web.utils.strips(text, remove)

removes the string remove from the both sides of text

>>> strips("foobarfoo", "foo")
web.utils.safeunicode(obj, encoding='utf-8')

Converts any given object to unicode string.

>>> safeunicode('hello')
>>> safeunicode(2)
>>> safeunicode('\xe1\x88\xb4')
web.utils.safestr(obj, encoding='utf-8')

Converts any given object to utf-8 encoded string.

>>> safestr('hello')
>>> safestr(2)

A decorator to limit a function to timeout seconds, raising TimeoutError if it takes longer.

>>> import time
>>> def meaningoflife():
...     time.sleep(.2)
...     return 42
>>> timelimit(.1)(meaningoflife)()
Traceback (most recent call last):
RuntimeError: took too long
>>> timelimit(1)(meaningoflife)()

_Caveat:_ The function isn’t stopped after timeout seconds but continues executing in a separate thread. (There seems to be no way to kill a thread.)

inspired by <http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/473878>

class web.utils.Memoize(func, expires=None, background=True)

‘Memoizes’ a function, caching its return values for each input. If expires is specified, values are recalculated after expires seconds. If background is specified, values are recalculated in a separate thread.

>>> calls = 0
>>> def howmanytimeshaveibeencalled():
...     global calls
...     calls += 1
...     return calls
>>> fastcalls = memoize(howmanytimeshaveibeencalled)
>>> howmanytimeshaveibeencalled()
>>> howmanytimeshaveibeencalled()
>>> fastcalls()
>>> fastcalls()
>>> import time
>>> fastcalls = memoize(howmanytimeshaveibeencalled, .1, background=False)
>>> fastcalls()
>>> fastcalls()
>>> time.sleep(.2)
>>> fastcalls()
>>> def slowfunc():
...     time.sleep(.1)
...     return howmanytimeshaveibeencalled()
>>> fastcalls = memoize(slowfunc, .2, background=True)
>>> fastcalls()
>>> timelimit(.05)(fastcalls)()
>>> time.sleep(.2)
>>> timelimit(.05)(fastcalls)()
>>> timelimit(.05)(fastcalls)()
>>> time.sleep(.2)
>>> timelimit(.05)(fastcalls)()
>>> fastcalls = memoize(slowfunc, None, background=True)
>>> threading.Thread(target=fastcalls).start()
>>> time.sleep(.01)
>>> fastcalls()

alias of Memoize

web.utils.re_subm(pat, repl, string)

Like re.sub, but returns the replacement _and_ the match object.

>>> t, m = re_subm('g(oo+)fball', r'f\1lish', 'goooooofball')
>>> t
>>> m.groups()
web.utils.group(seq, size)

Returns an iterator over a series of lists of length size from iterable.

>>> list(group([1,2,3,4], 2))
[[1, 2], [3, 4]]
>>> list(group([1,2,3,4,5], 2))
[[1, 2], [3, 4], [5]]
web.utils.uniq(seq, key=None)

Removes duplicate elements from a list while preserving the order of the rest.

>>> uniq([9,0,2,1,0])
[9, 0, 2, 1]

The value of the optional key parameter should be a function that takes a single argument and returns a key to test the uniqueness.

>>> uniq(["Foo", "foo", "bar"], key=lambda s: s.lower())
['Foo', 'bar']

Takes an iterable x and returns an iterator over it which prints its progress to stderr as it iterates through.

class web.utils.IterBetter(iterator)

Returns an object that can be used as an iterator but can also be used via __getitem__ (although it cannot go backwards – that is, you cannot request iterbetter[0] after requesting iterbetter[1]).

>>> import itertools
>>> c = iterbetter(itertools.count())
>>> c[1]
>>> c[5]
>>> c[3]
Traceback (most recent call last):
IndexError: already passed 3

It is also possible to get the first value of the iterator or None.

>>> c = iterbetter(iter([3, 4, 5]))
>>> print(c.first())
>>> c = iterbetter(iter([]))
>>> print(c.first())

For boolean test, IterBetter peeps at first value in the itertor without effecting the iteration.

>>> c = iterbetter(iter(range(5)))
>>> bool(c)
>>> list(c)
[0, 1, 2, 3, 4]
>>> c = iterbetter(iter([]))
>>> bool(c)
>>> list(c)

Returns the first element of the iterator or None when there are no elements.

If the optional argument default is specified, that is returned instead of None when there are no elements.


alias of IterBetter

web.utils.safeiter(it, cleanup=None, ignore_errors=True)

Makes an iterator safe by ignoring the exceptions occured during the iteration.

web.utils.safewrite(filename, content)

Writes the content to a temp file and then moves the temp file to given filename to avoid overwriting the existing file in case of errors.


Returns a new dictionary with keys and values swapped.

>>> dictreverse({1: 2, 3: 4})
{2: 1, 4: 3}
web.utils.dictfind(dictionary, element)

Returns a key whose value in dictionary is element or, if none exists, None.

>>> d = {1:2, 3:4}
>>> dictfind(d, 4)
>>> dictfind(d, 5)
web.utils.dictfindall(dictionary, element)

Returns the keys whose values in dictionary are element or, if none exists, [].

>>> d = {1:4, 3:4}
>>> dictfindall(d, 4)
[1, 3]
>>> dictfindall(d, 5)
web.utils.dictincr(dictionary, element)

Increments element in dictionary, setting it to one if it doesn’t exist.

>>> d = {1:2, 3:4}
>>> dictincr(d, 1)
>>> d[1]
>>> dictincr(d, 5)
>>> d[5]

Returns a dictionary consisting of the keys in the argument dictionaries. If they share a key, the value from the last argument is used.

>>> dictadd({1: 0, 2: 0}, {2: 1, 3: 1})
{1: 0, 2: 1, 3: 1}
web.utils.requeue(queue, index=-1)

Returns the element at index after moving it to the beginning of the queue.

>>> x = [1, 2, 3, 4]
>>> requeue(x)
>>> x
[4, 1, 2, 3]
web.utils.restack(stack, index=0)

Returns the element at index after moving it to the top of stack.

>>> x = [1, 2, 3, 4]
>>> restack(x)
>>> x
[2, 3, 4, 1]
web.utils.listget(lst, ind, default=None)

Returns lst[ind] if it exists, default otherwise.

>>> listget(['a'], 0)
>>> listget(['a'], 1)
>>> listget(['a'], 1, 'b')
web.utils.intget(integer, default=None)

Returns integer as an int or default if it can’t.

>>> intget('3')
>>> intget('3a')
>>> intget('3a', 0)
web.utils.datestr(then, now=None)

Converts a (UTC) datetime object to a nice string representation.

>>> from datetime import datetime, timedelta
>>> d = datetime(1970, 5, 1)
>>> datestr(d, now=d)
'0 microseconds ago'
>>> for t, v in iteritems({
...   timedelta(microseconds=1): '1 microsecond ago',
...   timedelta(microseconds=2): '2 microseconds ago',
...   -timedelta(microseconds=1): '1 microsecond from now',
...   -timedelta(microseconds=2): '2 microseconds from now',
...   timedelta(microseconds=2000): '2 milliseconds ago',
...   timedelta(seconds=2): '2 seconds ago',
...   timedelta(seconds=2*60): '2 minutes ago',
...   timedelta(seconds=2*60*60): '2 hours ago',
...   timedelta(days=2): '2 days ago',
... }):
...     assert datestr(d, now=d+t) == v
>>> datestr(datetime(1970, 1, 1), now=d)
'January  1'
>>> datestr(datetime(1969, 1, 1), now=d)
'January  1, 1969'
>>> datestr(datetime(1970, 6, 1), now=d)
'June  1, 1970'
>>> datestr(None)

Removes all non-digit characters from string.

>>> numify('800-555-1212')
>>> numify('800.555.1212')
web.utils.denumify(string, pattern)

Formats string according to pattern, where the letter X gets replaced by characters from string.

>>> denumify("8005551212", "(XXX) XXX-XXXX")
'(800) 555-1212'

Add commas to an integer n.

>>> commify(1)
>>> commify(123)
>>> commify(1234)
>>> commify(1234567890)
>>> commify(123.0)
>>> commify(1234.5)
>>> commify(1234.56789)
>>> commify('%.2f' % 1234.5)
>>> commify(None)

Formats a numified datestring properly.


Formats an ordinal. Doesn’t handle negative numbers.

>>> nthstr(1)
>>> nthstr(0)
>>> [nthstr(x) for x in [2, 3, 4, 5, 10, 11, 12, 13, 14, 15]]
['2nd', '3rd', '4th', '5th', '10th', '11th', '12th', '13th', '14th', '15th']
>>> [nthstr(x) for x in [91, 92, 93, 94, 99, 100, 101, 102]]
['91st', '92nd', '93rd', '94th', '99th', '100th', '101st', '102nd']
>>> [nthstr(x) for x in [111, 112, 113, 114, 115]]
['111th', '112th', '113th', '114th', '115th']
web.utils.cond(predicate, consequence, alternative=None)

Function replacement for if-else to use in expressions.

>>> x = 2
>>> cond(x % 2 == 0, "even", "odd")
>>> cond(x % 2 == 0, "even", "odd") + '_row'
class web.utils.CaptureStdout(func)

Captures everything func prints to stdout and returns it instead.

>>> def idiot():
...     print("foo")
>>> capturestdout(idiot)()

WARNING: Not threadsafe!


alias of CaptureStdout

class web.utils.Profile(func)

Profiles func and returns a tuple containing its output and a string with human-readable profiling information.

>>> import time
>>> out, inf = profile(time.sleep)(.001)
>>> out
>>> inf[:10].strip()
'took 0.0'

alias of Profile

web.utils.tryall(context, prefix=None)

Tries a series of functions and prints their results. context is a dictionary mapping names to values; the value will only be tried if it’s callable.

>>> tryall(dict(j=lambda: True))
j: True
   True: 1

For example, you might have a file test/stuff.py with a series of functions testing various things in it. At the bottom, have a line:

if __name__ == “__main__”: tryall(globals())

Then you can run python test/stuff.py and get the results of all the tests.

class web.utils.ThreadedDict

Thread local storage.

>>> d = ThreadedDict()
>>> d.x = 1
>>> d.x
>>> import threading
>>> def f(): d.x = 2
>>> t = threading.Thread(target=f)
>>> t.start()
>>> t.join()
>>> d.x
static clear_all()

Clears all ThreadedDict instances.


alias of ThreadedDict

web.utils.autoassign(self, locals)

Automatically assigns local variables to self.

>>> self = storage()
>>> autoassign(self, dict(a=1, b=2))
>>> self.a
>>> self.b

Generally used in __init__ methods, as in:

def __init__(self, foo, bar, baz=1): autoassign(self, locals())

Converts an integer to base 36 (a useful scheme for human-sayable IDs).

>>> to36(35)
>>> to36(119292)
>>> int(to36(939387374), 36)
>>> to36(0)
>>> to36(-393)
Traceback (most recent call last):
ValueError: must supply a positive integer

Converts text to HTML following the rules of Markdown, but blocking any outside HTML input, so that only the things supported by Markdown can be used. Also converts raw URLs to links.

(requires [markdown.py](http://webpy.org/markdown.py))

web.utils.sendmail(from_address, to_address, subject, message, headers=None, **kw)

Sends the email message message with mail and envelope headers for from from_address_ to to_address with subject. Additional email headers can be specified with the dictionary `headers.

Optionally cc, bcc and attachments can be specified as keyword arguments. Attachments must be an iterable and each attachment can be either a filename or a file object or a dictionary with filename, content and optionally content_type keys.

If web.config.smtp_server is set, it will send the message to that SMTP server. Otherwise it will look for /usr/sbin/sendmail, the typical location for the sendmail-style binary. To use sendmail from a different path, set web.config.sendmail_path.


Web API (wrapper around WSGI) (from web.py)

web.webapi.header(hdr, value, unique=False)

Adds the header hdr: value with the response.

If unique is True and a header with that name already exists, it doesn’t add a new one.


Prints a prettyprinted version of args to stderr.

web.webapi.input(*requireds, **defaults)

Returns a storage object with the GET and POST arguments. See storify for how requireds and defaults work.


Returns the data sent with the request.

web.webapi.setcookie(name, value, expires='', domain=None, secure=False, httponly=False, path=None)

Sets a cookie.

web.webapi.cookies(*requireds, **defaults)

Returns a storage object with all the request cookies in it.

See storify for how requireds and defaults work.

This is forgiving on bad HTTP_COOKIE input, it tries to parse at least the cookies it can.

The values are converted to unicode if _unicode=True is passed.

exception web.webapi.OK(data='', headers={})

200 OK status

exception web.webapi.Created(data='Created', headers={})

201 Created status

exception web.webapi.Accepted(data='Accepted', headers={})

202 Accepted status

exception web.webapi.NoContent(data='No Content', headers={})

204 No Content status


alias of OK


alias of Created


alias of Accepted


alias of NoContent

exception web.webapi.Redirect(url, status='301 Moved Permanently', absolute=False)

A 301 Moved Permanently redirect.

exception web.webapi.Found(url, absolute=False)

A 302 Found redirect.

exception web.webapi.SeeOther(url, absolute=False)

A 303 See Other redirect.

exception web.webapi.NotModified

A 304 Not Modified status.

exception web.webapi.TempRedirect(url, absolute=False)

A 307 Temporary Redirect redirect.


alias of Redirect


alias of Found


alias of SeeOther


alias of NotModified


alias of TempRedirect

exception web.webapi.BadRequest(message=None)

400 Bad Request error.

exception web.webapi.Unauthorized(message=None)

401 Unauthorized error.

exception web.webapi.Forbidden(message=None)

403 Forbidden error.


Returns HTTPError with ‘404 Not Found’ error from the active application.

exception web.webapi.NoMethod(cls=None)

A 405 Method Not Allowed error.

exception web.webapi.NotAcceptable(message=None)

406 Not Acceptable error.

exception web.webapi.Conflict(message=None)

409 Conflict error.

exception web.webapi.Gone(message=None)

410 Gone error.

exception web.webapi.PreconditionFailed(message=None)

412 Precondition Failed error.

exception web.webapi.UnsupportedMediaType(message=None)

415 Unsupported Media Type error.


Returns HTTPError with ‘415 Unavailable For Legal Reasons’ error from the active application.


alias of BadRequest


alias of Unauthorized


alias of Forbidden


Returns HTTPError with ‘404 Not Found’ error from the active application.


alias of NoMethod


alias of NotAcceptable


alias of Conflict


alias of Gone


alias of PreconditionFailed


alias of UnsupportedMediaType


Returns HTTPError with ‘415 Unavailable For Legal Reasons’ error from the active application.


Returns HTTPError with ‘500 internal error’ error from the active application.


Returns HTTPError with ‘500 internal error’ error from the active application.