This is a work in progress feature list of Playdoh.
For a list of useful libraries (bundled with playdoh or not), check out
The base: Django
At the time of writing, Playdoh is based on Django 1.4.5.
- jinja2 instead of Django’s built-in templating
- some helper utils called jingo to tie it into Django.
Playdoh’s enhancements to raise django apps’ scalability:
“Secure by default” policy. Security enhancements applied:
- X-Frame-Options: Deny (part of commonware) set on all responses unless opted out per response.
- Stronger password hashing for Django’s built-in auth system. Default: sha512. Recommendation: bcrypt + HMAC.
- secure=True and httponly=True enabled by default on all cookies set through Django’s cookie facility, opt-out possible per cookie (part of commonware).
- Greatly reduced the need for the use of |safe in templates, to minimize opportunities for XSS vulnerabilities. The |fe() helper is part of jingo, and django_safeforms is
- bleach library bundled for secure-by-default, but heavily customizable HTML sanitization of user input.
- Used django-session-csrf to replace Django’s built-in, cookie-based CSRF method with a common, session-based method. This mitigates the risk of cookie forging attacks.
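The X-Frame-Options and cookie defaults described above, modelled as an added stand-alone example (not commonware’s or Playdoh’s code; Django is not required): a constructed `Response` stand-in for HttpResponse whose set_cookie defaults to Secure and HttpOnly with per-cookie opt-out, plus a middleware that adds X-Frame-Options: DENY unless the view sets the assumed `no_frame_options` flag on the response.

```python
from http.cookies import SimpleCookie


class Response:
    """Constructed stand-in for django.http.HttpResponse (headers + cookie jar)."""

    def __init__(self, body=""):
        self.body = body
        self.headers = {}
        self.cookies = SimpleCookie()
        self.no_frame_options = False  # assumed per-response opt-out flag

    def set_cookie(self, key, value, secure=True, httponly=True):
        """Secure + HttpOnly unless the caller opts out for this one cookie."""
        self.cookies[key] = value
        self.cookies[key]["secure"] = secure
        self.cookies[key]["httponly"] = httponly

    def cookie_header(self, key):
        """The Set-Cookie value that would go on the wire for `key`."""
        return self.cookies[key].OutputString()


def frame_options_middleware(get_response):
    """Add X-Frame-Options: DENY to every response not explicitly opted out."""

    def middleware(request):
        response = get_response(request)
        if not response.no_frame_options:
            response.headers.setdefault("X-Frame-Options", "DENY")
        return response

    return middleware


def login_view(request):
    """Session cookie keeps the secure defaults; the UI preference cookie
    opts out of HttpOnly only, so page scripts can read it."""
    resp = Response("logged in")
    resp.set_cookie("sessionid", "abc123")
    resp.set_cookie("lang", "de", httponly=False)
    return resp


def embeddable_widget(request):
    """A view whose content is meant to be framed by other sites."""
    resp = Response("<div>widget</div>")
    resp.no_frame_options = True
    return resp


if __name__ == "__main__":
    resp = frame_options_middleware(login_view)(None)
    print(resp.headers, resp.cookie_header("sessionid"), resp.cookie_header("lang"))
```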
Advanced Localization (L10n) tool chain, focusing on localizable web apps by
Tools and enhancements:
- jinja2’s integrated L10n extension based on Babel.
- Enhanced string extraction tools and template tags through tower.
detecting user’s preferred content locale and sticking it into the URL:
Django’s built-in test framework. Enhancements: