Developer Interface
This part of the documentation covers all the interfaces of Flask-WTF.
Forms and Fields
- class flask_wtf.Form(formdata=<class flask_wtf.form._Auto at 0x10627ed50>, obj=None, prefix='', csrf_context=None, secret_key=None, csrf_enabled=None, *args, **kwargs)
  Flask-specific subclass of WTForms SecureForm class.
  If formdata is not specified, this will use flask.request.form. Explicitly pass formdata = None to prevent this.
  Parameters:
  - csrf_context – a session or dict-like object to use when making CSRF tokens. Default: flask.session.
  - secret_key – a secret key for building CSRF tokens. If this isn't specified, the form will take the first of these that is defined:
    - SECRET_KEY attribute on this class
    - WTF_CSRF_SECRET_KEY config of flask app
    - SECRET_KEY config of flask app
    - session secret key
  - csrf_enabled – whether to use CSRF protection. If False, all csrf behavior is suppressed. Default: WTF_CSRF_ENABLED config value
  Wraps hidden fields in a hidden DIV tag, in order to keep XHTML compliance.
  New in version 0.3.
  Parameters: fields – list of hidden field names. If not provided will render all hidden fields, including the CSRF field.
  - is_submitted()
    Checks if form has been submitted. The default case is if the HTTP method is PUT or POST.
  - validate_csrf_data(data)
    Check if the csrf data is valid.
    Parameters: data – the csrf string to be validated.
  - validate_on_submit()
    Checks if form has been submitted and if so runs validate. This is a shortcut, equivalent to
    form.is_submitted() and form.validate()
- class flask_wtf.RecaptchaField(label='', validators=None, **kwargs)
- class flask_wtf.Recaptcha(message=None)
  Validates a ReCaptcha.
- class flask_wtf.RecaptchaWidget
- class flask_wtf.file.FileField(label=None, validators=None, filters=(), description=u'', id=None, default=None, widget=None, _form=None, _name=None, _prefix=u'', _translations=None, _meta=None)
  Werkzeug-aware subclass of wtforms.FileField
  Provides a has_file() method to check if its data is a FileStorage instance with an actual file.
  - has_file()
    Return True iff self.data is a FileStorage with file data
class
flask_wtf.file.
FileAllowed
(upload_set, message=None)¶ Validates that the uploaded file is allowed by the given Flask-Uploads UploadSet.
Parameters: - upload_set – A list/tuple of extention names or an instance
of
flask.ext.uploads.UploadSet
- message – error message
You can also use the synonym file_allowed.
- upload_set – A list/tuple of extention names or an instance
of
-
class
flask_wtf.file.
FileRequired
(message=None)¶ Validates that field has a file.
Parameters: message – error message You can also use the synonym file_required.
- class flask_wtf.html5.SearchInput(input_type=None)
  Renders an input with type "search".
- class flask_wtf.html5.SearchField(label=None, validators=None, filters=(), description=u'', id=None, default=None, widget=None, _form=None, _name=None, _prefix=u'', _translations=None, _meta=None)
  Represents an <input type="search">.
- class flask_wtf.html5.URLInput(input_type=None)
  Renders an input with type "url".
- class flask_wtf.html5.URLField(label=None, validators=None, filters=(), description=u'', id=None, default=None, widget=None, _form=None, _name=None, _prefix=u'', _translations=None, _meta=None)
  Represents an <input type="url">.
- class flask_wtf.html5.EmailInput(input_type=None)
  Renders an input with type "email".
- class flask_wtf.html5.EmailField(label=None, validators=None, filters=(), description=u'', id=None, default=None, widget=None, _form=None, _name=None, _prefix=u'', _translations=None, _meta=None)
  Represents an <input type="email">.
- class flask_wtf.html5.TelInput(input_type=None)
  Renders an input with type "tel".
- class flask_wtf.html5.TelField(label=None, validators=None, filters=(), description=u'', id=None, default=None, widget=None, _form=None, _name=None, _prefix=u'', _translations=None, _meta=None)
  Represents an <input type="tel">.
- class flask_wtf.html5.NumberInput(step=None)
  Renders an input with type "number".
- class flask_wtf.html5.IntegerField(label=None, validators=None, **kwargs)
  Represents an <input type="number">.
- class flask_wtf.html5.DecimalField(label=None, validators=None, places=<unset value>, rounding=None, **kwargs)
  Represents an <input type="number">.
- class flask_wtf.html5.RangeInput(step=None)
  Renders an input with type "range".
- class flask_wtf.html5.IntegerRangeField(label=None, validators=None, **kwargs)
  Represents an <input type="range">.
- class flask_wtf.html5.DecimalRangeField(label=None, validators=None, places=<unset value>, rounding=None, **kwargs)
  Represents an <input type="range">.
CSRF Protection
- class flask_wtf.csrf.CsrfProtect(app=None)
  Enable CSRF protection for Flask.
  Register it with:
      app = Flask(__name__)
      CsrfProtect(app)
  And in the templates, add the token input:
      <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
  If you need to send the token via AJAX, and there is no form:
      <meta name="csrf_token" content="{{ csrf_token() }}" />
  You can grab the CSRF token with JavaScript and send it together with the request.
  - error_handler(view)
    A decorator that sets the error response handler.
    It accepts one parameter, reason:
        @csrf.error_handler
        def csrf_error(reason):
            return render_template('error.html', reason=reason)
    By default, it will return a 400 response.
  - exempt(view)
    A decorator that can exclude a view from CSRF protection.
    Remember to put the decorator above the route:
        csrf = CsrfProtect(app)

        @csrf.exempt
        @app.route('/some-view', methods=['POST'])
        def some_view():
            return
- flask_wtf.csrf.generate_csrf(secret_key=None, time_limit=None)
  Generate csrf token code.
  Parameters:
  - secret_key – A secret key for mixing in the token, default is Flask.secret_key.
  - time_limit – Token valid in the time limit, default is 3600s.
- flask_wtf.csrf.validate_csrf(data, secret_key=None, time_limit=None)
  Check if the given data is a valid csrf token.
  Parameters:
  - data – The csrf token value to be checked.
  - secret_key – A secret key for mixing in the token, default is Flask.secret_key.
  - time_limit – Check if the csrf token is expired. Default is True.
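
How secret_key, time_limit and the session used as csrf_context work together, as an added example. It is a simplified stand-in written for this page, not Flask-WTF's implementation; the function names, the csrf_seed session key and the expiry##mac token layout are assumptions.

```python
import hashlib
import hmac
import os
import time


def _sign(secret_key, seed, expires):
    # MAC over the per-session seed and the expiry, keyed by the server secret.
    return hmac.new(secret_key, (seed + expires).encode(), hashlib.sha256).hexdigest()


def make_csrf_token(session, secret_key, time_limit=3600, now=None):
    """Illustrative token: '<expiry>##<mac>', bound to this session."""
    now = time.time() if now is None else now
    # The random seed lives server-side in the session (the csrf_context).
    if "csrf_seed" not in session:
        session["csrf_seed"] = os.urandom(20).hex()
    expires = str(int(now) + time_limit)
    return expires + "##" + _sign(secret_key, session["csrf_seed"], expires)


def check_csrf_token(data, session, secret_key, now=None):
    """Return True only for an unexpired token minted for this session."""
    now = time.time() if now is None else now
    if not data or "##" not in data or "csrf_seed" not in session:
        return False
    expires, mac = data.split("##", 1)
    expected = _sign(secret_key, session["csrf_seed"], expires)
    # Constant-time comparison, done before the expiry value is trusted.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False
    return int(expires) >= now


if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed sample secret
    session = {}                    # stands in for flask.session
    token = make_csrf_token(session, key, time_limit=3600, now=1000)
    print(check_csrf_token(token, session, key, now=2000))  # fresh token
    print(check_csrf_token(token, session, key, now=5000))  # past time_limit
    print(check_csrf_token(token, {"csrf_seed": "x"}, key, now=2000))  # other session
```

A token copied into another session, a token with an edited expiry, and a token checked under a different secret all fail the MAC comparison before the expiry is parsed.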