
Why use WTForms instead of just posting with HTML

Tags: python, wtforms

I've been curious lately what the benefits of using WTForms to submit data to Flask are. Plain HTML, JavaScript, or Bootstrap forms seem easier to style and easier to submit with. Plus you can leave out all the Python code required to create a WTForms class. Can someone explain what an advantage would be?

BrettJ asked Aug 31 '17 04:08


2 Answers

I could say CSRF protection is one of the greatest reasons, but there are a lot of reasons why one would use WTForms over plain HTML forms.

  • CSRF protection out of the box
  • Form validation out of the box
  • WTForms come as classes, so all the good comes from an object form.

Basically, if your project has a lot of forms looking the same with minor differences, WTForms would be of great help.

And then you have validations out of the box: you use a simple validation for Email and all other kinds of data, and they are there, no need to bother with writing your own validators and keep maintaining them.

CSRF is one of the OWASP Top 10 attacks[1], so providing good protection over this is really important.

senaps answered Oct 19 '22 21:10


WTForms is really useful; it does a lot of heavy lifting for you when it comes to data validation, on top of the CSRF protection. Another useful thing is the use combined with Jinja2, where you need to write less code to render the form.

Note: Jinja2 is one of the most used template engines for Python.

For example, when using a FlaskForm, rendering the form's CSRF field would be like this:

<form method="post">
    {{ form.csrf_token }}
</form>

But if the template doesn't use a FlaskForm, you need to render a hidden input with the token in the form.

<form method="post">
    <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
</form>

In a way, it's less code.

Fady Ayoub answered Oct 19 '22 20:10