4.1 跨站请求伪造保护
安装flask-wtf
app = Flask(__name__)
app.config['SECRET_KEY'] = 'hard to guess string'
密钥不应写在代码中,具体信息会在第7章介绍。
4.2 表单类
// 定义表单类
from flask_wtf import Form
from wtforms import StringField, SubmitField
from wtforms.validators import Requiredclass NameForm(Form):
name = StringField('What is your name?', validators=[Required()])
submit = SubmitField('Submit')
4.3 把表单渲染成HTML
<form method="POST">
{{ form.hidden_tag() }}
{{ form.name.label }} {{ form.name(id='my-text-field') }}
{{ form.submit() }}
</form>
使用flask-bootstrap渲染
{% import "bootstrap/wtf.html" as wtf %}
{{ wtf.quick_form(form) }}
index.html
{% extends "base.html" %}
{% import "bootstrap/wtf.html" as wtf %}{% block title %}Flasky{% endblock %}{% block page_content %}
<div class="page-header">
<h1>Hello, {% if name %}{{ name }}{% else %}Stranger{% endif %}!</h1>
</div>
{{ wtf.quick_form(form) }}
{% endblock %}
4.4 在视图函数中处理表单
@app.route('/', methods=['GET', 'POST'])
def index():
name = None
form = NameForm()
if form.validate_on_submit():
name = form.name.data
form.name.data = ''
return render_template('index.html', form=form, name=name)
validate_on_submit() 传入的值通过验证则返回True
4.5 重定向和用户会话
@app.route('/', methods=['GET', 'POST'])
def index():
form = NameForm()
if form.validate_on_submit():
session['name'] = form.name.data
return redirect(url_for('index'))
return render_template('index.html', form=form, name=session.get('name'))
4.6 Flash消息
@app.route('/', methods=['GET', 'POST'])
def index():
form = NameForm()
if form.validate_on_submit():
old_name = session.get('name')
if old_name is not None and old_name != form.name.data:
flash('Looks like you have changed your name!')
session['name'] = form.name.data
return redirect(url_for('index'))
return render_template('index.html', form=form, name=session.get('name'))
{% block content %}
<div class="container">
{% for message in get_flashed_messages() %}
<div class="alert alert-warning">
<button type="button" class="close" data-dismiss="alert">×</button>
{{ message }}
</div>
{% endfor %} {% block page_content %}{% endblock %}
</div>
{% endblock %}