Explore Flask

11.2. Summary

  • Forms can be scary from a security perspective.
  • WTForms (and Flask-WTF) make it easy to define, secure and render your forms.
  • Use the CSRF protection provided by Flask-WTF to secure your forms.
  • You can use Flask-WTF to protect AJAX calls against CSRF attacks too.
  • Define custom form validators to keep validation logic out of your views.
  • Use the WTForms field rendering to render your form's HTML so you don't have to update it every time you make some changes to the form definition.