Is there a way to hide the csrf label while looping through form using Flask and Flask-WTForms?
I have very simple contact form and I would like to hide the label somehow so that it doesn\'t show Csrf Token. I am using Flask and Flask-WTForms and am render
-
I think this should work too:
{% for field in form if field.id != 'csrf_token' %} {{ field.label }} {{ field }} {% endfor %}讨论(0) -
I made a macro recently to submit forms through ajax in order to not reload the webpage and send it to the api directly.
{% macro render_fields3(form, form_name, method) %} <form class="ajax" name={{ form_name }} method={{ method }}> {{ form.hidden_tag() }} {% for field in form if field.widget.input_type != 'hidden' %} <dt>{{ field.label }} <dd>{{field(id=field.name + method)|safe}} {% if field.errors %} <ul class=errors> {% for error in field.errors %} <li>{{ error }}</li> {% endfor %} </ul> {% endif %} </dd> {% endfor %} </form> {% endmacro %}讨论(0) -
If you want a more general solution that works for all hidden fields instead of just the CSRF token:
{{ form.hidden_tag() }} {% for field in form if field.widget.input_type != 'hidden' %} {{ field.label }} {{ field }} {% endfor %}form.hidden_tag()is supplied by Flask-WTF.讨论(0) -
Just to add to JD's excellent answer...
For those stumbling across this question: You can avoid losing the (csrf) hidden field (and thus protection) by adding the condition "if field.widget.input_type!='hidden' " specifically to the label instead of to the form iterator.
i.e.:
not
{{ form.hidden_tag() }} {% for field in form if field.widget.input_type != 'hidden' %} {{ field.label }} {{ field }} {% endfor %}but
{{ form.hidden_tag() }} {% for field in form %} {% if field.widget.input_type != 'hidden' %} {{ field.label }} {% endif %} {{ field }} {% endfor %}讨论(0) -
I have found the way to do it like this:
{% if field.id != 'csrf_token' %}I believe this to be less hacky. I found this from modifying the example here in the docs.
讨论(0)
加载中...
- 热议问题