Lab 02 - HTML, CSS & Flask


  • Basic Web frontend coding (HTML + CSS)
  • Browser Development Tools (i.e., Web Inspector)
  • Backend: Python + Flask
  • Forms and authentication (user sessions)
  • Advanced HTTP: file uploading



With the emergence of the Internet and its undeniable commercial importance, web development became a necessary software skill for an engineer to have.

A web site / application has two major components:

  • the frontend: the user interface, displayed with the help of a client-side browser; written in HTML + CSS, optionally employing JavaScript for better interactivity;
  • the backend: an optional server-side program used to provide additional web services to the users such as authentication, data persistence, database searching etc.

In the typical scenario, the user opens a website by using a known URL. After optionally doing the DNS resolution to obtain an IP address, the browser connects to the server using the HTTP protocol (optionally encrypted using TLS) and requests the web page using specific HTTP headers. The server software will then parse the message, identify the requested document or dynamic application, do optional processing (e.g., invoke a routine / server-side script / CGI program to generate the webpage's HTML contents) and send the results back to the client's browser for displaying (or download, in some cases).

Frontend Basics

On the client-side, HyperText Markup Language (HTML) is the de-facto standard language accepted by all browsers to describe the aspect and contents of a web page. A HTML document is built using nested elements (i.e., tags) describing the structure (layout) of the page, text / graphical content and, optionally, client-side scripts and metadata. Each HTML element may have a series of pre-defined properties (e.g., paragraph / line splitting, bigger/smaller font sizes, form input behavior etc.) which may (or may not) be altered using attributes specified between a tag's angle brackets:

<tag1 attribute1="attribute value" id="unique-name-here">
  <anothertag style="CSS properties">inside</anothertag>
  <p>paragraph <b>bold face</b></p>

HTML is often paired together with Cascading Style Sheets, a style definition language used to modify layout / content properties for multiple elements at once by using special pattern matching rules using selectors. The general syntax is the selector (note: there are multiple types / rules), followed by the list of style properties to apply (in { } brackets, separated by ;):

/* tag selector (matches all <tag1> elements) */
tag1 { property1: value; ... }
/* ID selector (matches <tag id="unique-name-here">) */
#unique-name-here { color: red; ... }
/* Class selectors (matches <tag class="normal-text gray-bold">) */
/* Note: an element may have multiple classes */
.normal-text { font-size: 14pt; ... }
.gray-bold { color: gray; font-weight: bold; }
/* AND-combined selectors: e.g. matches only <tag1> with class="special" */
tag1.special { ... }
/* Nested selectors (element contained in another element) */
#my-header h1 { ... }
/* or direct descentant rule: */
.nav > .nav-item { ... } 

Thus, it becomes possible to create re-usable page elements (e.g., menus, various font styles, context boxes). This has led to the emergence of many CSS frameworks (e.g., Bootstrap, Foundation) facilitating the creation of responsive (accessible to both desktop + mobile devices) designs.

Serverside: Python / Flask

On the server-side, software must be running and listening for HTTP connections, optionally do application-specific processing and serve the requested web pages or files.

There are many standalone web server programs available on the market, with open-source software being the norm (e.g., Apache httpd, nginx, lighttpd) that can readily serve static resources and can be configured to execute third party interpreters to do server-side processing (e.g., PHP).

Moreover, modern programming languages (e.g., NodeJS, Golang, Python) have built-in HTTP servers and third-party libraries that makes web development setup a breeze and well integrated with the web application's processing needs.

Today, we will introduce Flask, a web framework for the Python language. Flask uses Python decorators (e.g., @decorator) to enhance functions and register them to be executed whenever the web server receives a HTTP request:

from flask import Flask, request
# first, create a Flask application instance
app = Flask("my_website")
def serve_page():
  """ Returns some basic HTML content. """
  return "<h1>hello world</h1>"

Of course, multiple URL patterns can also be captured by a single function, check the official Flask route documentation.

The routine must return a HTTP response which may either be HTML string, a rendered template, a redirection or a custom-built Response object:

from Flask import Flask, render_template, redirect, Response
def serve_template():
  return render_template("index.html", title="Hello World")
def serve_unauthorized():
  # Note: 303 is standard HTTP code for See Other redirect
  return redirect("/login.html", 303, "<h1>Redirecting, please wait...</h1>")
def serve_special_xml():
  return Response("<xml><author>Me</author></xml>", mimetype='text/xml')

Check Flask's Response object documentation for all available options.

Template Engines

A typical website has a common HTML design, with only portions of its code changing on a per-page basis with specific content. In order to prevent needless code duplication, a template engine is usually employed to obtain HTML documents from common layouts. A template is, basically, a HTML page interleaved with specific code blocks used to insert dynamically generated content from variables; many engines feature full programming languages that support loops and conditionals.

Flask readily integrates with the Jinja templating engine which uses Python-like statements to enrich a HTML page with programmatic content:

<!-- ... -->
    <h1>My Webpage is {{ awesome_variable }}</h1>
    <ul id="main-menu">
    {% for item in navigation %}
        <li><a href="{{ item.href }}">{{ item.caption }}</a></li>
    {% endfor %}
    {# a comment #}

The Jinja templates usually reside inside the project's templates/ directory (check the Flask documentation if you want to change it) and can be rendered using the render_template utility function.

Accessing HTTP request data

When Python is executing a Flask-decorated function, the request context is made available using the request member of the Flask package.

It contains all request data provided by the browser:

  • request.method: the requested HTTP method string (e.g., GET or POST);
  • request.args: a Python dict object with URL query string parameters, e.g. http://hostname/page.html?arg1=value&arg2=value;
  • request.form: HTML form data (for HTTP POST methods) as a dict object;
  • request.cookies: cookies stored by the browser (also a dict);
  • request.headers: other HTTP request headers;

Example code for printing data to the console:

from Flask import request # and many others
# ...
def my_request_handler():
  print("Method is", request.method)
  print("URL parameters:", request.args)
  # hint: access members using dict.get() method to have a default value:
  print(request.args.get("arg1", "default value"))
  if request.method == "POST":
    print("Any form data:", request.form)
  print("Cookies:", str(request.cookies))
  print("Headers:", str(request.headers))

Flask also parses many other request data formats (XML, JSON, multipart / file upload requests etc.) and provides helpers to manipulating them.

Finally, we note that the HTTP protocol is stateless: on its own, it doesn't retain anything from previous requests, e.g., the user's identity or navigation history.

Thus, it becomes the server's responsibility to use browser-assisted persistence mechanisms such as cookies to associate a HTTP request with a specific user, also called a Session. For security reasons, the server must specifically validate any data received from the user, often through cryptographic means.


In order to solve the tasks, you will need a modern browser (duh), a code editor supporting HTML, CSS and Python (e.g., Visual Studio Code / LunarVim), a Python 3 distribution (you must also have pip installed).

Next, we will need to install the Flask Python package using the PIP package manager:

# NOTE: choose the most appropriate command:
# Option 1: install globally (requires root / admin)
python3 -m pip install flask
# Option 2: install for the current user only (inside ~/.local/lib/python/ on Linux)
python3 -m pip install --user flask
# (this has the advantage of not polluting the Python's system packages)
# there is also the virtual environment way, if you know how to do that ;)


00. Getting Started

First, download the skeleton archive (.zip) and unzip it.

It has the following structure:

├── initial_design.html  # initial HTML template
├── public/
│   ├── bootstrap/ # bootstrap sources
│   ├── images/
│   └── style.css  # main stylesheet
├──      # server-side application
└── templates/     # Jinja templates

To test, open initial_design.html in a browser. It should look similar to the following screenshot:

Also, it would be a good idea to test your Python / Flask setup:

# it should say that the server is running on

01. [20p] Minor Design Changes

Our customer wants to make some changes to the website's design:

  • Add a header image with our logo at the top
    • Several candidates are present inside public/images/;
    • Hint: check out style.css for existing definitions!
  • Change the color (maybe something blue? depends on the image);
  • Make the content box have rounded borders (try 15px);
  • Insert some dummy content text (e.g., Lorem Ipsum);

Hint: search for TODOs inside HTML and CSS!

For linking images (or any other web resources, really): remember Unix relative paths (./path/to/file.jpg)? HTML has them (those URLs will be relative to your current file - as seen by the browser)!

In some cases (webpage has sub-paths, e.g., /account/details.html), you may also use absolute URLs (path begins with a / representing the server's root directory).

02. [30p] Integration with Flask backend

We now want to move the design from a static html file to using Flask Jinja template rendering. For this, you must:

  • Migrate / split the HTML code into templates/_base.html (base template) and templates/index.html (child);
  • Modify to call render_template and actually serve our new design.
  • Also create about.html and a Flask function for serving it (fill it with whatever content you want ;) );
  • Finally, fix the URLs in the template's menu to point to the appropriate pages.

03. [30p] Mock Authentication

Now it's the time to add authentication to our website.

  • You can use a simple server-side global variable (e.g., session) to store the user's state (e.g., an authenticated boolean + username).
  • Write the Flask functions for login.html and logout.html with the appropriate checks / actions.
  • Hint: also set the authenticated variable inside the Jinja template to conditionally display the user's status.

This is not really how it's done in practice, since the global variable will have the same value for all of the website's users (i.e., if one user authenticates, all other visitors will see the website in this state).

04. [20p] Advanced: File Database

As a final task, we want to store some of the user's personal data into a simple file-based “database” on the server.

  • Check the account-details.html template page for any TODOs there!
    • Ultimately, the form inputs should be pre-filled with the values stores inside the database.
  • Implement the /account-details route handler to read / write to the database.txt file on the server;
    • You will have to support both GET and POST, so make sure to edit the decorator's arguments!
ii/labs/s2/02.txt · Last modified: 2023/04/11 10:56 by radu.mantu
CC Attribution-Share Alike 3.0 Unported Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0