If I manually create the raw html form and set the action attribute, how would I get csrf protection? SQLFORM would generate a token to handle this, but wouldn't I lack this protection is I write the html myself? Also, since there's no form.process().accepted, does this also mean I'm open to unsanitized input from the webuser?
On Monday, January 27, 2014 1:11:27 PM UTC-5, Anthony wrote: > > You can set the "action" attribute of the form to the URL of your > searchbar() function (you might also change the method from post to get > since the form is for search). How you create the form itself in the view > depends on your needs. Do you just need a single text search field? What > does the search function do to return results? > > Anthony > > On Monday, January 27, 2014 1:02:03 PM UTC-5, Apple Mason wrote: >> >> I found this thread that has a similar problem: >> >> https://groups.google.com/forum/#!searchin/web2py/form$20in$20layout.html/web2py/JRxUYp_YpHk/4uVM7kg9Ja4J >> >> The example was: >> >> def contact(): >> form=SQLFORM.factory(....) >> if form.accepts(....) >> return form # not dict(form=form) >> >> and in layout.html >> >> {{=LOAD('default','contact')}} >> >> But in my case I would like to use {{=form.custom.begin}} and >> {{=form.custom.end}} to format the html in a certain way. How would this be >> possible? >> >> Also, is it possible to not use javascript to have a search form on every >> page? >> >> On Monday, January 27, 2014 12:20:50 AM UTC-5, Apple Mason wrote: >>> >>> Oh, it's probably because the url is /index.html and not >>> /searchform.html. >>> >>> In that case, how would I create a search form that is present globally >>> in the site? >>> >>> On Monday, January 27, 2014 12:04:43 AM UTC-5, Apple Mason wrote: >>>> >>>> My controller default.py: >>>> >>>> def searchbar: >>>> form = SQLFORM(....) >>>> >>>> return (form=form) >>>> >>>> >>>> >>>> >>>> On Monday, January 27, 2014 12:03:37 AM UTC-5, Apple Mason wrote: >>>>> >>>>> I have a search bar that I want to display on every page, but >>>>> something is not working. Here is an example of what I have: >>>>> >>>>> layout.html: >>>>> >>>>> <html> >>>>> <body> >>>>> >>>>> <div class="searchbar"> >>>>> {{include 'default/searchbar.html'}} >>>>> </div> >>>>> >>>>> <div class="main"></div> >>>>> </body> >>>>> </html> >>>>> >>>>> >>>>> >>>>> In default/searchbar.html: >>>>> >>>>> {{=form}} >>>>> >>>>> >>>>> >>>>> But web2py doesn't find the searchbar controller function. I get an >>>>> error: >>>>> >>>>> "NameError: name 'form' is not defined" >>>>> >>>>> >>>>> >>>>> because searchbar.html can't find {{=form}}. >>>>> >>>>> There have been some threads that use javascript for this, but I don't >>>>> want to use that. Is there a pure html solution for this? >>>>> >>>> -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
