An alpha version of PyScript just came out, with tagline "Run Python in Your HTML". Let's check it out.
Documentation is mostly all wrong, so there's a lot of steps to get it even running.
Download
The download instructions are:
- Download PyScript now
- Unzip the downloaded file
- Copy the assets you want to use and add the following lines to your html file
There's just one problem, there are no asset files in that zip.
So instead we need to manually download https://pyscript.net/alpha/pyscript.css and https://pyscript.net/alpha/pyscript.js instead.
That however does not work, as it then crashes trying to get pyscript.py
, so we need to get https://pyscript.net/alpha/pyscript.py as well.
Local server
I tried just creating a Hello World HTML and opening it as a local file, but that got into instant CORS error.
It's unfortunately more and more common with anything that uses modern web technologies.
Fortunately Python comes with a builtin HTTP server, so we can run python3 -m http.server 8080
and then open http://localhost:8080/hello.html
Hello, World!
OK, with that out of the way, let's write the simplest possible Python script:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Hello World</title>
<link rel="stylesheet" href="./pyscript.css" />
<script defer src="./pyscript.js"></script>
</head>
<body>
<py-script>
print("Hello World")
</py-script>
</body>
</html>
If opened from local server, it at least no longer gets any errors in the network tab.
What happens then is that about 10% of time I get "Hello World" printed. And 90% of time there's an error in console like this:
JsException: SyntaxError: Failed to execute 'querySelector' on 'Document': '#-49bea52c-4893-412d-cba1-447d24c65f0a' is not a valid selector.
And only a pink bar in the document. I thought it might be some issues with some Chrome Extensions, so I tried it in an incognito window or in Safari, same thing.
It's very clearly some race condition.
Should you use PyScript?
Obviously not yet.
Coming next
I want to come back to PyScript at some point, but in the next episode we'll actually take a look at Opal Ruby, which recently got 1.5 release.
Top comments (5)
The other day, I was tinkering around that library hunting for security vulns, turns out that the majority of
os
methods are blocked by default. So, I was attempting the following:Which gives the following output:
Meaning that an error was thrown. However, you can run the following:
which returns:
Same for the
subprocess
module:Which throws an error when executing it.
So, the framework is pretty secure. Other than the race condition, the only downside is being ridiculously slow. I am not sure whether or not it is a problem tied to the framework or the language itself: python. Most likely the latter. I will be investigating this over the weekend.
It runs in WASM so any vulnerabilities you'd get would be browser vulnerabilities, right?
There's probably some fake emulated "file system", wasm running in the browser has no access to platform files.
Damn…
The problems I ran into are probably going to get fixed over the next few weeks. PyScript is officially "alpha".
Ah that’s okay then