1. 技术文章
  2. Is there a way to hide the csrf label while looping through form using Flask and Flask-WTForms?

Is there a way to hide the csrf label while looping through form using Flask and Flask-WTForms?

流过昼夜 提交于 2019-12-18 03:03:27

问题


I have very simple contact form and I would like to hide the label somehow so that it doesn't show Csrf Token. I am using Flask and Flask-WTForms and am rendering the form like this:

{% for field in form %}
    {{ field.label }}
    {{ field }}
{% endfor %}

So basically this shows my inputs correctly and the csrf oen is hidden but the label isn't hidden? Should I get over it and implicitly say form.field_name instead of looping through the form or is there a way to handle this "corner case".

I was thinking about doing a logical check in either the for loop declaration or the label declaration but so far I haven't found anything in the documentation that has worked.

Thanks

EDIT: I have "fixed" the problem by doing this but it feels kinda dirty and hacky which I don't like I am still open to a better solution:

{% if not loop.first %}
    {{ field.label }}
{% endif %}

回答1:


If you want a more general solution that works for all hidden fields instead of just the CSRF token:

{{ form.hidden_tag() }}
{% for field in form if field.widget.input_type != 'hidden' %}
  {{ field.label }}
  {{ field }}
{% endfor %}

form.hidden_tag() is supplied by Flask-WTF.




回答2:


Just to add to JD's excellent answer...

For those stumbling across this question: You can avoid losing the (csrf) hidden field (and thus protection) by adding the condition "if field.widget.input_type!='hidden' " specifically to the label instead of to the form iterator.

i.e.:

not

{{ form.hidden_tag() }}
{% for field in form if field.widget.input_type != 'hidden' %}
      {{ field.label }}
{{ field }}
{% endfor %}

but

{{ form.hidden_tag() }}
{% for field in form %}
  {% if field.widget.input_type != 'hidden' %} {{ field.label }} {% endif %}
  {{ field }}
{% endfor %}



回答3:


I think this should work too:

{% for field in form if field.id != 'csrf_token' %}
    {{ field.label }}
    {{ field }}
{% endfor %}



回答4:


I have found the way to do it like this:

{% if field.id != 'csrf_token' %}

I believe this to be less hacky. I found this from modifying the example here in the docs.




回答5:


I made a macro recently to submit forms through ajax in order to not reload the webpage and send it to the api directly.

{% macro render_fields3(form, form_name, method) %}
<form class="ajax" name={{ form_name }} method={{ method }}>
{{ form.hidden_tag() }}
{% for field in form if field.widget.input_type != 'hidden' %}
    <dt>{{ field.label }}
    <dd>{{field(id=field.name + method)|safe}}
    {% if field.errors %}
      <ul class=errors>
      {% for error in field.errors %}
        <li>{{ error }}</li>
      {% endfor %}
      </ul>
    {% endif %}
    </dd>
  {% endfor %}

</form>
{% endmacro %}


来源:https://stackoverflow.com/questions/10763139/is-there-a-way-to-hide-the-csrf-label-while-looping-through-form-using-flask-and

标签
python
Flask
jinja2
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!