I would like a form validation library that
1.separate html generation from form validation;
2.validation errors can be easily serialized, eg. dumped as a json object
What form validation library would you choose in a python web project?
When software does not validate input properly, an attacker is able to craft the input in a form that is not expected by the rest of the application. This will lead to parts of the system receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution.
Input validation prevents improperly formed data from entering an information system. Because it is difficult to detect a malicious user who is trying to attack software, applications should check and validate all input entered into a system.
Types of Validation in Python For example, int, float, etc. Length Check: This validation technique in python is used to check the given input string's length. Range Check: This validation technique in python is used to check if a given number falls in between the two numbers.
Disclaimer
Generally speaking I'm a little wary about HTML form libraries now. If you use something from a mega-framework, you invariably have to bring in the whole mega-framework as your dependency.
Many sub-components of many mega-frameworks claim to not depend on the framework but let's not kid ourselves. If you don't use one, there are at least a dozen form libraries that I know of out there with a wide range of differences in capabilities. Just the choices alone can get quite confusing. Generally speaking, as Ian Bicking says many years ago and is still true, I think the notion of one form library that suits everybody is quite ludicrous. In fact I'd argue you probably need to think twice before deciding you really need one. Chances are mostly of the time you just need a form validation library like FormEncode. It really depends on how you want to use it.
For me, since I don't use a mega-framework, I'd choose something light-weight, easy to pick up and configure, and something that doesn't get in the way of the normal usage of HTML/JS/CSS.
END Disclaimer
I've tried ToscaWidgets, ToscaWidgets 2, Formish, Deform, WTForms and FormEncode. I have to say none of them is anywhere near perfect. Here's my experience with them:
As of the end of 2012, a quick Google and PyPI search for a Python validation library comes back with hundreds of packages. There are a little more than a dozen notable ones, discounting those Django extensions, that are under active development. There seems to be a trend towards defining a schema using JSON-Schema and being able to generically validate Python data structures. This is likely a reflection of the server application developers' moving accepting user data from multiple channels (RESTful APIs and HTML forms), but remain wanting to use only one validation library.
Given the release of Python 3.3 will likely spark a massive movement towards porting existing libraries over to support Python 3.x (the flip side of that is seeing old libraries stagnant and remain compatible only with Python 2.x), it may be wise to choose one that already supports or is working actively to support Python 3.x.
Lastly, another great area of concern when choosing a form validation library is the ability to report useful error messages, which invariably includes the need for the localization of error messages in the long run. The ease of supplying your own error messages will quickly determine the complexity of integrating the library with the rest of your Web application architecture.
Promising up-and-comers:
I'd probably pick WTForms.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With