Is this just a search form making GET requests open to the public? In that case, I don't think you need to worry about CSRF or input sanitizing.
Anthony

On Monday, January 27, 2014 2:16:04 PM UTC-5, Apple Mason wrote:
>
> If I manually create the raw html form and set the action attribute, how
> would I get csrf protection? SQLFORM would generate a token to handle this,
> but wouldn't I lack this protection if I write the html myself? Also, since
> there's no form.process().accepted, does this also mean I'm open to
> unsanitized input from the webuser?
>
> On Monday, January 27, 2014 1:11:27 PM UTC-5, Anthony wrote:
>>
>> You can set the "action" attribute of the form to the URL of your
>> searchbar() function (you might also change the method from post to get
>> since the form is for search). How you create the form itself in the view
>> depends on your needs. Do you just need a single text search field? What
>> does the search function do to return results?
>>
>> Anthony
>>
>> On Monday, January 27, 2014 1:02:03 PM UTC-5, Apple Mason wrote:
>>>
>>> I found this thread that has a similar problem:
>>>
>>> https://groups.google.com/forum/#!searchin/web2py/form$20in$20layout.html/web2py/JRxUYp_YpHk/4uVM7kg9Ja4J
>>>
>>> The example was:
>>>
>>> def contact():
>>>     form=SQLFORM.factory(....)
>>>     if form.accepts(....)
>>>     return form # not dict(form=form)
>>>
>>> and in layout.html
>>>
>>> {{=LOAD('default','contact')}}
>>>
>>> But in my case I would like to use {{=form.custom.begin}} and
>>> {{=form.custom.end}} to format the html in a certain way. How would this be
>>> possible?
>>>
>>> Also, is it possible to not use javascript to have a search form on
>>> every page?
>>>
>>> On Monday, January 27, 2014 12:20:50 AM UTC-5, Apple Mason wrote:
>>>>
>>>> Oh, it's probably because the url is /index.html and not
>>>> /searchform.html.
>>>>
>>>> In that case, how would I create a search form that is present globally
>>>> in the site?
>>>>
>>>> On Monday, January 27, 2014 12:04:43 AM UTC-5, Apple Mason wrote:
>>>>>
>>>>> My controller default.py:
>>>>>
>>>>> def searchbar():
>>>>>     form = SQLFORM(....)
>>>>>
>>>>>     return dict(form=form)
>>>>>
>>>>> On Monday, January 27, 2014 12:03:37 AM UTC-5, Apple Mason wrote:
>>>>>>
>>>>>> I have a search bar that I want to display on every page, but
>>>>>> something is not working. Here is an example of what I have:
>>>>>>
>>>>>> layout.html:
>>>>>>
>>>>>> <html>
>>>>>> <body>
>>>>>>
>>>>>> <div class="searchbar">
>>>>>> {{include 'default/searchbar.html'}}
>>>>>> </div>
>>>>>>
>>>>>> <div class="main"></div>
>>>>>> </body>
>>>>>> </html>
>>>>>>
>>>>>> In default/searchbar.html:
>>>>>>
>>>>>> {{=form}}
>>>>>>
>>>>>> But web2py doesn't find the searchbar controller function. I get an
>>>>>> error:
>>>>>>
>>>>>> "NameError: name 'form' is not defined"
>>>>>>
>>>>>> because searchbar.html can't find {{=form}}.
>>>>>>
>>>>>> There have been some threads that use javascript for this, but I
>>>>>> don't want to use that. Is there a pure html solution for this?
>>>>>>
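
The setup discussed in this thread, sketched as an added example that is not part of the original messages: a hand-written GET form in layout.html pointing at a read-only searchbar() action. The table `db.item`, its `title` field, the parameter name `q`, the helper `clean_query` and the length limit are assumptions made for illustration.

```python
# Added example, not code from the thread. Assumed names: db.item.title,
# query parameter 'q', clean_query(), MAX_QUERY_LEN.
#
# layout.html (hand-written form, so no SQLFORM token is present; that is
# acceptable only because the action below never changes state):
#   <form action="{{=URL('default', 'searchbar')}}" method="get">
#     <input type="text" name="q" maxlength="100">
#     <input type="submit" value="Search">
#   </form>

MAX_QUERY_LEN = 100  # assumed limit, mirrored by maxlength in the view


def clean_query(raw):
    """Normalise the raw 'q' value; return None when there is nothing to search."""
    if isinstance(raw, (list, tuple)):  # ?q=a&q=b arrives as a list in web2py
        raw = raw[0] if raw else None
    if not isinstance(raw, str):
        return None
    text = " ".join(raw.split())        # trim and collapse whitespace
    if not text or len(text) > MAX_QUERY_LEN:
        return None
    return text


def searchbar():
    """controllers/default.py action: read-only, so it can be exposed over GET.

    request and db are globals that web2py injects into controllers.
    """
    term = clean_query(request.get_vars.q)  # query string only, ignore POST bodies
    if term is None:
        return dict(term=None, rows=[])
    # The DAL escapes the value when it builds the LIKE clause, so the term
    # is never concatenated into SQL by hand.
    rows = db(db.item.title.contains(term)).select(limitby=(0, 25))
    # In the view, {{=term}} is HTML-escaped by default; do not wrap it in XML().
    return dict(term=term, rows=rows)
```

If the search action ever starts writing data (saved searches, counters), it stops being safe as a token-less GET and should go back through SQLFORM or FORM processing so the form key is checked.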