On Friday, July 15, 2011 10:53:55 AM UTC-4, Carl wrote:
>
> that's excellent news (and thanks for those links).
>
> if I'm defining the HTML of a form in a file in my views/ directory
> how do I leverage this gatekeeper?
>
If you're building forms manually in HTML, you'll still have to call
form.accepts(..., session) in your action in order to have the formkey (a)
generated prior to form submission and (b) checked against the session upon
submission. To include the two hidden fields (_formname and _formkey) in
your manually created form, you can do:
{{=form.hidden_fields()}}
Anthony
