- Forms can be scary from a security perspective.
- WTForms (and Flask-WTF) make it easy to define, secure and render your forms.
- Use the CSRF protection provided by Flask-WTF to secure your forms.
- You can use Flask-WTF to protect AJAX calls against CSRF attacks too.
- Define custom form validators to keep validation logic out of your views.
- Use WTForms' field rendering to generate your form's HTML so you don't have to update the template every time the form definition changes.