application.py
import os

from google.appengine.ext import webapp
from google.appengine.ext.webapp.util import run_wsgi_app
from google.appengine.ext.webapp import template

page_header = """
<!doctype html>
<html>
  <head>
    <link rel="stylesheet" href="/static/styles.css" />
  </head>

  <body id="reflected-demo">
    <img src="/static/demos/bobazillion.png">
      <div>
"""

page_footer = """
      <script>top.postMessage(window.location.toString(), "*");</script>
    </div>
  </body>
</html>
"""

main_page_markup = """
<form action="" method="GET">
  <input id="query" name="query" value="Enter query here..."
    onfocus="this.value=''">
  <input id="button" type="submit" value="Search">
</form>
"""

class MainPage(webapp.RequestHandler):

  def render_string(self, s):
    self.response.out.write(s)

  def get(self):
    # Disable the reflected XSS filter for demonstration purposes
    self.response.headers.add_header("X-XSS-Protection", "0")

    if not self.request.get('query'):
      # Show main search page
      self.render_string(page_header + main_page_markup + page_footer)
    else:
      query = self.request.get('query', '[empty]')
      
      # Our search engine broke, we found no results :-(
      message = "Sorry, no results were found for <b>" + query + "</b>."
      message += " <a href='?'>Try again</a>."

      # Display the results page
      self.render_string(page_header + message + page_footer)
    
    return

application = webapp.WSGIApplication([ ('.*', MainPage), ], debug=False)

def main():
  run_wsgi_app(application)

if __name__ == '__main__':
  main()