Re: Proposal: django.forms.SafeForm - forms with built in CSRF protection

Brian Beck Mon, 22 Sep 2008 14:12:54 -0700

On Sep 22, 5:01 pm, Brian Beck <[EMAIL PROTECTED]> wrote:
> But still, the situation dictates the need for SafeForm, not the form
> author.  If this becomes best practice, essentially *every* form will
> need to be initialized with a request.


What about something like:

def protect_form(form_class):
    class SafeForm(form_class):
        csrf_token = CharField(...)
        def clean_csrf_token(self):
            ...
    return SafeForm

protect_form(ThirdPartyForm)(request.POST, request=request)
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~----------~----~----~----~------~----~------~--~---

Re: Proposal: django.forms.SafeForm - forms with built in CSRF protection

Reply via email to