I've been curious lately what the benefits of using WTForms to submit data to flask is? Plain HTML, JavaScript, or bootstrap form seem easier to style and easier to submit with. Plus you can leave out all the python code required to create a WTForms class. Can someone explain what an advantage would be?
I could say CSRF protection is one of the greatest reasons, but there are a lot of reasons why one would use WTFroms over plain HTML forms.
- CSRF protection out of the box
- Form validation out the box
- WTForms come as classes, so all the good come's from an object form.
basically, if your project has a lot of form's looking the same with minor differences, WTForms would be of great help.
and then you have validations out of the box, you use a simple validation for Email and all other kind's of data, and they are there, no need to bother with writing your own validators and keep maintaining them.
CSRF is one of the owasp top 10 attacks[1], so providing good protection over this is really important.
来源:https://stackoverflow.com/questions/45973346/why-use-wtforms-instead-of-just-posting-with-html