def index(request):
form = FeedbackForm(request)
if request.method == 'POST' and form.validate():
note = form.note.data
msg = '{} - {}'.format(datetime.now(), note)
session.setdefault('fb', []).append(msg)
return response.redirect('/')
# NOTE: trusting user input here, never do that in production
feedback = ''.join('<p>{}</p>'.format(m) for m in session.get('fb', []))
# Ah, f string, so, python 3.6, what do you expect from someone brave
# enough to use sanic... :)
content = f"""
<h1>Form with CSRF Validation</h1>
<p>Try <a href="/fail">form</a> that fails CSRF validation</p>
{feedback}
<form action="" method="POST">
{'<br>'.join(form.csrf_token.errors)}
{form.csrf_token}
{'<br>'.join(form.note.errors)}
<br>
{form.note(size=40, placeholder="say something..")}
{form.submit}
</form>
"""
return response.html(content)
评论列表
文章目录
