[摘要] As people share more personal data on the web, it is increasingly important to correctly enforce policies on sensitive data. To address this problem, we have developed Jelf, a web framework that allows the programmer to separate the implementation of information flow policies from the rest of the functionality. The framework builds on previous work on the Jeeves programming language [28, 7] for automatically enforcing privacy policies. Our approach is novel in that it provides end-to-end guarantees by mediating interactions between the front-end, application, and database layers. The programmer only needs to specify information flow policies once for automatic enforcement across the web framework. To build Jelf, we have integrated Jeeves with Python and extended the Django web framework. Jelf consists of a Django template layer, a Python Jeeves application layer, and a Jeeves-compatible database layer. Our Python integration does not require changing the Python interpreter: we use have implemented our solution as a dynamic source transformation and a runtime library. The programmer may use Jelf with Python 2.7 and a standard SQL database. We have used Jelf to implement a conference management system. We describe the implementation and performance of this conference management system, as well as our experience using and running Jelf. Jelf policies comprise less than 3% of the code base and are concentrated in one place. We have deployed this system to collect submissions and reviews for an actual workshop.